last executing test programs:

5m5.540042029s ago: executing program 32 (id=16):
socket(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1fc0}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff, 0x101}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0xffffffff, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080)
sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

3m1.099798656s ago: executing program 33 (id=225):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000f00000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)

2m21.700224321s ago: executing program 5 (id=328):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x3, 0x0, 0x7fffffff}]})
mknod$loop(&(0x7f0000000000)='./file2\x00', 0x0, 0x0)

2m20.776298756s ago: executing program 5 (id=330):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d9, 0xa055, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f00000001c0)=@known='user.incfs.id\x00')
keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x3})
keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x3})

2m17.495957607s ago: executing program 5 (id=335):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mount(0x0, &(0x7f0000000c00)='./file0\x00', 0x0, 0x18c1062, 0x0)

2m15.588018945s ago: executing program 5 (id=339):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000100)=0x6a, 0x4)
socket(0x10, 0x3, 0x0)
sendto$inet(r1, &(0x7f0000000340)='\x00', 0x1, 0x4c001, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9025a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0x8, 0xc9100120, 0x0, 0x0)

2m13.483811414s ago: executing program 5 (id=343):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f00000001c0))

2m12.08775287s ago: executing program 5 (id=347):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
getpid()
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xd}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x497, 0x0, &(0x7f00000000c0), &(0x7f0000000280))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000000c0)={r1, r1, 0xc, 0x3, &(0x7f00000009c0)="160000", 0x24, 0x1, 0x16c0, 0x5505, 0x3f47, 0x3, 0xffffffff, 'syz0\x00'})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)

2m6.621450566s ago: executing program 6 (id=250):
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x1}, {0x9, 0x1b}, {0xfff2, 0x6}}}, 0x24}}, 0x40044)
r4 = syz_usb_connect(0x5, 0x92b, &(0x7f0000000640)={{0x12, 0x1, 0x310, 0xe0, 0x67, 0x1d, 0x8, 0x1199, 0x901b, 0x7e5d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x919, 0x4, 0x9, 0x3a, 0x0, 0x3, [{{0x9, 0x4, 0xbb, 0x2, 0xb, 0x2b, 0xd3, 0x46, 0x1, [@uac_control={{0xa, 0x24, 0x1, 0x80, 0xb0}, [@output_terminal={0x9, 0x24, 0x3, 0x4, 0x7d, 0x2, 0x5, 0x58}]}], [{{0x9, 0x5, 0xf, 0x4, 0x200, 0x1, 0x7, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x86, 0x3, 0x1}]}}, {{0x9, 0x5, 0xc, 0x11, 0xdca694e58dadad98, 0x4, 0x8e, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x40, 0x8}]}}, {{0x9, 0x5, 0x4, 0x4, 0x8, 0xbe, 0xc, 0x40, [@generic={0x55, 0x22, "ff4ac60f6b7d58a75dd573bb9695c7f1c65ac92a01fcd8901a4329e573eeafef8bab8cacbf242395fe64928c8dd9fa830a2e18723f9c8bc448e5a7ad97281908a820aefa5963d404dde090ce7ba7afaf3ce9ee"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x400, 0x80, 0x0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x8, 0x1be0}]}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0x86, 0x3d, 0x1, [@generic={0xd5, 0x1, "65dd05f7cd1e77a42b0aaa1a0faa359d8c4cd237f95d5afb42da246ad2bed4ce5f62cd648872eb98db528a57ddecc720159347982c037a969a1ede4f3eb906d694e4e07b27e3c73ce79794af6f854be42d219353aa6842fdc7e42a5da69eaece64c7a962aa2b0c19f3a1ba5c17f1d6c6ae7d597420cf2fad023bc8f0d217771018a200f2429429f6fc46bd7845531bbbb1bb2acf077499dabd3a5e23e7f54b0f4d91353501882495d8c7cde3b873dce5a9ddca27f3c88eb2a68508ab7bd142de1130efd03102eb76930b356ea93c57b6e67eaa"}]}}, {{0x9, 0x5, 0x8, 0xc, 0x20, 0x1, 0x0, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x5}]}}, {{0x9, 0x5, 0x8, 0x0, 0x10, 0x9, 0xa5, 0x95, [@generic={0x3c, 0xa, "89bc66ffe618a8a48237d41c630183175b349f88639e011f98cfd87416189e0808a886d0077b769110289217d41b036a6e1a1a65df0c673a9a19"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x20, 0x7, 0x6, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x5, 0xc8f1}]}}, {{0x9, 0x5, 0x1, 0x1, 0x40, 0x2, 0x93, 0x4, [@generic={0xb8, 0x30, "4b5a14a0a0b25a30816a4b8264788065a2407207cc23cc58a8f5cf6b7b9a2bc1cd8a9edcaff55597eada2697c348a4bf62e5fff1e95f3333a8798e14cdceeaa990cb7d04a28fa893cb9606c9957a6876e1d6c562e5b3ddb4a3367885b2875df292bdbdb169322310ae77a2d3ef1c78c715abc1b6b555bf8cbd5fd8af1981f76c1b02fcea5c7d36fd955c8e8371f01344d3766c5a14558d343b08b6217c927feac3fb90af5fce81ecc8bd808e2568de8969487311e883"}]}}, {{0x9, 0x5, 0x80, 0x3, 0x3ff, 0x5, 0x4, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x33, 0x4}]}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x73, 0x6, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6}]}}]}}, {{0x9, 0x4, 0xe1, 0x0, 0xe, 0x77, 0x9a, 0x2f, 0x8, [@uac_as={[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x7, 0x6, 0x5, 'C'}]}, @cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "989fdc1764"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x4, 0x9, 0x2}, [@ncm={0x6, 0x24, 0x1a, 0x7, 0x2a}]}], [{{0x9, 0x5, 0x2, 0x13c7ddc2954fa79d, 0x200, 0x5, 0xc3, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x2}]}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x2, 0x2, 0x3, [@generic={0x2c, 0x31, "a97f03c765fb7756375649e8eced2331efd9c483f28a7815642f8d85ea80087167baac2c021382bef2cc"}, @generic={0x7d, 0xb, "5893b1fd0f6c2d1c8741fec53abc27eb77b7a6dff4a6e4d9d8e1a34c77a5bc17df74b407ecad111e0f71a1c2f7c23e5cc329469892ec2e4da7aeb73d0b0fc04ad58003614bfab91ea0bb95c96eae41a62eed8bf6d0571de2dbbfe817920ee5fba98627e006ac595197787bfb802f0c55ab4a2765550bc3a266605b"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0x3d, 0x1, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x9}]}}, {{0x9, 0x5, 0x5, 0x1, 0x10, 0x3, 0x2, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6, 0xa}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x6, 0xb}]}}, {{0x9, 0x5, 0x5, 0x8, 0x3ff, 0x2, 0x1, 0xd, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xbc, 0x8000}]}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0x4, 0x5, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xee, 0x2}]}}, {{0x9, 0x5, 0xf, 0x10, 0x200, 0x1, 0x4, 0x5, [@generic={0xd4, 0xc, "7aef09659c61ce43ead14dcf681e075032bea0a28597390e692d88be805df3257c7d9fdca14840a3b2352667655b1d6f6c31196ba5ebcbe663de1532f3cf3678cee4209b8edfb94ed45a31450424178b07309f95a0a3e333b8e9c40fab3c0efdbd6b11615be8cee27b61c3c55f2b34d89cbeac19b1f61153f831113fc08b00179639d60e53aecd3f3f2252ebf93910c3e5fd7a651732602c3a4e13b951b8675fbe01b64a1eb66680959d7bf255db23694de3054a6cff4dbc4fb895ddd2d28fdea26015c7fe4014b6c4aace0ec8973335b201"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0xa, 0x9, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x100}]}}, {{0x9, 0x5, 0x6, 0x10, 0x10, 0x5, 0xac, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1}]}}, {{0x9, 0x5, 0x1, 0x0, 0x10, 0x8, 0x9, 0x1, [@generic={0xe, 0xc, "ddcac6b6e88b69a39e166d34"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x5, 0x26, 0x0, [@generic={0xde, 0xb, "976d8e8af0385a9e625e27edbaea7240d7b35df75e04798f9dd9ccc5d6caa234f8f2744d6a0a2bf46bb34789f0596b00e250232afba788ca49954295fa7805b25cc1a8e4c4da8dc0418bccdbee834c84c2374ec19d0af16d1bdb31d0821fd601aad176737b5866f7ccd0f25c84e1e1a50c1e680fbf37a978b9832d89534d578ad8cf507ab1ec68a4700de0547500b9e71b2bf753edee91c78b4d62ee34bc32f0877cc51750fc1bfc6184dc28ec12c8141ec8458e72b5ec79b83d43296cb3e63c4615e8ee80f866f4fa1c0492cb762a0545a9dcedef44a3875457f41f"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x8, 0x10, 0x10, 0x1, [@generic={0xd1, 0x21, "3d5091e0becc171c1bd34b7507ca90ec103b72aa8cc63a57b133811f00ee975762ba8d97f4a41c72d091b68ae676df43f6afe05ecc6614c34e2ea84db6b89635baede2d614597fdc9c8e74a73a3891b27457e2bbd22d3b8e81cbee2eda7c8694861d4c3c022123cd48167fe43c718e680a8f7829c6771d5d4d6690d87736bdc9756b4b1409a3a9c676d2e51e301f2919b672b09078eaa8b826d28b2384c9511a50def8159387b1ad107c2c83243f9baf2d9beeea12383016c60af3a68418c927ae2891410f19da9ad8b5d12f25a0df"}]}}, {{0x9, 0x5, 0x5, 0x2, 0x40, 0x0, 0x40, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x7, 0x6, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0xfa, 0xfffc}]}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x8, 0x10, 0x1, [@generic={0xc3, 0x23, "d6334fdfc88c8efdca94f7757576867a9581410802668def49fc624a68f0d0fe40fe481a1571909ab56f85d9a11a5339f17e7b50b591befd9a0dec4a87716a80dd57fa8255bae2d0a5d757e94377180dec9f66f39dd3ec3f090bcd5d23e27bebc29b368b1d392c348501c00e6f088b8969117b020600a38ddee1fe4c5925ea6c25a017465109040009238ed4872a24e790bde7c8eb88d35dc761081e86af79af68686efe144acb546368aa3b7ed3a5eb7a6bdee52a55fffbf95476ca1021b1a4cf"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x0, 0x3}]}}]}}, {{0x9, 0x4, 0x35, 0x63, 0x1, 0x30, 0xd6, 0x15, 0x5, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x99, 0x80, 0x4}, @as_header={0x7, 0x24, 0x1, 0x52, 0x1b, 0x4}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0xc, 0x8, 0xfa, "d4e04fc941cd37"}]}, @cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "71b6f47f1570"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x1, 0x1, 0x8}, {0x6, 0x24, 0x1a, 0x3ff, 0x1c}, [@mdlm_detail={0x94, 0x24, 0x13, 0x2, "11a7b64e7e242aceeba35dc53bbde88ef4fb9ecaddbe6f67526799fb060a44f39a53dbd2f06b944e4a30ad7f383eb0c92f2119f9e7e8bc03f126ef8b2e04cfedf5c97280716ddc020f7725d79b0aabd0de3fbd0bb03c40240f95afc59e15a7183d04eff5df49ce0be5b33ea5574d810e32c0e3597677d0cd6d6bf9558099168290e5c67174d3ccf0cd7446a241531f36"}, @network_terminal={0x7, 0x24, 0xa, 0x68, 0x9, 0x77, 0x3}]}], [{{0x9, 0x5, 0x8, 0x14, 0x20, 0x2, 0xd, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0xe83}]}}]}}, {{0x9, 0x4, 0xac, 0xd, 0x1, 0xfc, 0xfb, 0xc3, 0x3b, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "f37d1d854e"}, {0x5, 0x24, 0x0, 0xdcbd}, {0xd, 0x24, 0xf, 0x1, 0x6, 0xb024, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}], [{{0x9, 0x5, 0x80, 0x4, 0x3ff, 0x8, 0x80, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0xb}]}}]}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x7, 0xa7, 0x8, 0x50, 0xc}, 0x108, &(0x7f0000000f80)={0x5, 0xf, 0x108, 0x4, [@generic={0x1f, 0x10, 0x1, "120769186a1555bc9fbeb54bd34feecd330dbd38512655ed03d3ae5a"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x5, 0x2, 0xc000}, @generic={0xd3, 0x10, 0xa, "b63cac936482ce8ff798dd14d648ed8998619fbc438ac1b5ac0b160a2795230ea593fdd51472b6b9916368b36287992a03bd0a8916d13f5b4dcc26182bf74daeb1351b8d74e1a0d50805a258b0aae02f22625d70e9c3f0fd238289f1d4a1010d55c399b140fc0e3eb7b22f194fe913944934c2cc2093a8c72d2a8f92bcd4e384cedb2374b6675c81c6f49bdcd0f652919316ca29c4344b20614439a34134cb6f7c351979cce2400ff8861b5e33e204c3fa6fa0c814b40bc147c65fa486b540ae742823b18511f051f5aa8fe5bf9c5895"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x30, 0x8, 0x8001}]}, 0x4, [{0x21, &(0x7f0000000100)=@string={0x21, 0x3, "0a63ae6c5a9fbaf3941080430072eb000eb16c9b9b68e6f5295062353d019e"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x422}}, {0xf8, &(0x7f0000000480)=@string={0xf8, 0x3, "54f5d36f98a0a7965d84f596ae32c077e9cc63025fe3ee1b19c7821082f05e96361fe7504f6b6d4b8a862a17f5996e66d09d24fe090b87996cee8edca66366e1754bf53868206431241459d47cd9a8f69ee6045f5782bb350ab568cc630c2dbd674b6ca8b2e49c0f9d543ea07c480ebd5a8c691055785bc2ab36aa37df1a4d27331e5d7cc9fc993c11e403a72be3add3b7812a470f7629615bc85729e20a42e62f45958f99332fb12b66559040dd5958acaf21b1561637378776861ac5c7fefda8c33bdc4131e8a2fe2fadfb5ce0ae3d4e2589b2141c8de235b003a8aebc2c50c555cf9109fb3b8dd6e446279997b10a45d67431ae99"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x440a}}]})
syz_usb_control_io$hid(r4, &(0x7f0000001200)={0x24, &(0x7f00000010c0)={0x20, 0x0, 0x4d, {0x4d, 0x30, "e798491ee594122e2496ee8eaa6a0cdebb033ef1741d932b7e45724362c165e37cf155f1ad5d548a78283d8bd501c632bd7b7867fd5d697a38d551f91132cd8e4b2030241c8e8161ff5ffe"}}, &(0x7f0000001140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x403}}, &(0x7f0000001180)={0x0, 0x22, 0x3, {[@global=@item_012={0x2, 0x1, 0x3, "e539"}]}}, &(0x7f00000011c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x7, 0x5, 0x1, {0x22, 0x7a3}}}}, &(0x7f0000001540)={0x2c, &(0x7f0000001240)={0x0, 0x14, 0xde, "8ae40d931a20a30a4a4ab6a74f516bfda692d57eb5e728f1ec8b69b14396f98abdab8f8a244976b20a145ad4274b6e16b47f078aca46a739da1ea14afe814d69c8cb9e40afdef9131e5fecfddf1e76fd571f344926c83f20bd36d541e7e6f72151dca550cbbd63c8ee988bb57318bf3bea02ff08f7adaa880300f0655af14af2b9c43e9d273a7c548b61869698b9f2ce404f10811bacb4ac32bbe42286ac8a64da25221624d6d2dcfc474125eafa54004ec56fd23e1bac4885bedd978beb143e99876e62cd25616e914ec09fb83973713cc84616e99cd2b7791161f0faa0"}, &(0x7f0000001340)={0x0, 0xa, 0x1, 0x20}, &(0x7f0000001380)={0x0, 0x8, 0x1}, &(0x7f00000013c0)={0x20, 0x1, 0x100, "acbbd842e241cb82a8f283c0f040f5bcd0eaea656483c3b981e95e38ce4899c57973ea397e878480953fee106fb59d22bbeba9fa8e8f1e90d38fc808c6512f9472145cee31773319558002870ce77eb409bea706125565936788b1a077dc0f15ff76d520ca2b21463cbc68c7dbb7b20e3c23db74097513d73f601c515e0f597d1934ce32d5ff4af8342d1a4ea748716751578f48d4070234b222a1bb7128827a304b5863ef3979fc4f9c62d8caa195cd70fc0cdefc5af2fb58459737a33a6c9a8a28cac5e10223a15216d32fe636e1d7320b976bd6cdb68e5b320f452510bf22b30cdcb78f225a6b24b88ceb4cf7b24f34cc2eae33bab84c8c3f8687e82eb100"}, &(0x7f0000001500)={0x20, 0x3, 0x1, 0x6}})
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="0500000008000000080000000000000045e659f6a60c2d1bb265a8525e290b1bd22125a532d31ddf1ce00d60e180f552585709600fd735236fd996fd1b9987f9b3765b151b8a6eded7c8443101e0ba8071c0a7ca28524b85207c93ddb77ed868f4c75f9c9bbf8fc14c44e4e95c5a41ffbdb6ffabf6cd33d4722085c7eca388602817546595d404d2674759e6b9", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0400008001000000030000e0040300000000000010000000"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x240400c6)
close(0x3)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)

1m59.635594935s ago: executing program 2 (id=358):
setresuid(0xee01, 0x0, 0xffffffffffffffff)
r0 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000440)='wchan\x00')
pread64(r2, &(0x7f0000000500)=""/31, 0x1f, 0x40000000009)

1m58.951702457s ago: executing program 6 (id=359):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000000c0)={[{@nojournal_checksum}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@block_validity}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==")
chdir(&(0x7f0000000140)='./file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x110)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

1m57.912125086s ago: executing program 2 (id=363):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x12, r3, 0x7f832000)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
userfaultfd(0x80001)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0xc14)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
gettid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioprio_set$pid(0x1, 0x0, 0x6000)
syz_io_uring_setup(0x749e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140))

1m54.848213353s ago: executing program 34 (id=347):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
getpid()
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xd}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x497, 0x0, &(0x7f00000000c0), &(0x7f0000000280))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000000c0)={r1, r1, 0xc, 0x3, &(0x7f00000009c0)="160000", 0x24, 0x1, 0x16c0, 0x5505, 0x3f47, 0x3, 0xffffffff, 'syz0\x00'})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)

1m54.794385205s ago: executing program 2 (id=365):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000b80)={0x10, 0x3c, 0x800, 0x70bd27, 0x25dfdbff}, 0x10}, {&(0x7f00000043c0)={0x10, 0x1d, 0x10, 0x70bd29, 0x25dfdbfb}, 0x10}], 0x2}, 0x19852e3079d1c89a)

1m54.564996325s ago: executing program 6 (id=367):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@flushpolicy={0x38, 0x12, 0x105, 0x70bd2b, 0x0, "", [@address_filter={0x28, 0x1a, {@in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0xa, 0x6, 0x9}}]}, 0xffc6}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, &(0x7f0000000700)=ANY=[@ANYBLOB="56c78e3c733d76697274676f2c6e6f65bc33dbde548d51f5638173733d616e792c63616368653d66736361636865"])
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0xfffffe99)

1m54.188413409s ago: executing program 2 (id=369):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
symlink(0x0, &(0x7f0000000000)='./file0\x00')
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m52.710130474s ago: executing program 2 (id=372):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000000e40)=ANY=[@ANYBLOB='iocharset=iso8859-1,nostrict,uid=forget,anchor=0000000000000145,gid=', @ANYRESDEC=0x0, @ANYBLOB=',dmode=00000000000000000002004,undelete,partition=00000000000000000001,unhide,\x00'], 0x1, 0xc43, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==")
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0xa)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0xa87944eebfbf14c6)
r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa)
request_key(0x0, 0x0, 0xfffffffffffffffd, r1)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000002200)=""/4083, 0xff3}], 0x1, 0x0, 0x0, 0xa)

1m52.563125493s ago: executing program 6 (id=373):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000040)={[{0x0, 0x7caa, 0x1, 0x1, 0x5, 0x1, 0x1, 0x6, 0x7c, 0xe, 0x7, 0x7e, 0xde79}, {0x1, 0x6, 0x2, 0x7, 0x8, 0x3, 0x9, 0x4, 0x9, 0xc, 0x9, 0x1, 0x3}, {0x7, 0x9, 0x61, 0x7, 0x40, 0x8, 0x8, 0x4, 0x80, 0x6, 0x54, 0xa, 0x6}], 0x4})

1m46.20640396s ago: executing program 35 (id=373):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000040)={[{0x0, 0x7caa, 0x1, 0x1, 0x5, 0x1, 0x1, 0x6, 0x7c, 0xe, 0x7, 0x7e, 0xde79}, {0x1, 0x6, 0x2, 0x7, 0x8, 0x3, 0x9, 0x4, 0x9, 0xc, 0x9, 0x1, 0x3}, {0x7, 0x9, 0x61, 0x7, 0x40, 0x8, 0x8, 0x4, 0x80, 0x6, 0x54, 0xa, 0x6}], 0x4})

1m46.09844724s ago: executing program 2 (id=376):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = msgget$private(0x0, 0x100)
msgsnd(r0, &(0x7f0000002900)=ANY=[@ANYBLOB="0300"], 0xfd1, 0x0)

1m43.469114664s ago: executing program 36 (id=376):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = msgget$private(0x0, 0x100)
msgsnd(r0, &(0x7f0000002900)=ANY=[@ANYBLOB="0300"], 0xfd1, 0x0)

1m41.671533375s ago: executing program 4 (id=381):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b)
getdents(r0, &(0x7f0000000700)=""/90, 0x5a)

1m40.747990555s ago: executing program 4 (id=383):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x1000004, &(0x7f0000000cc0)=ANY=[], 0x4, 0x5d9, &(0x7f00000010c0)="$eJzs3U9rHOcdB/DvrNZrrQuOktiJ2wYqUvqHitqS1m2TgqlaTNEhlIBfgajlWHitBGlTlByKXfxCUoLeQC+55OCDz+1LEPRYKPRURC8uMzu72tiyLCWWdhV/Pvaz8zx6Zn7zm9/OjHZXAgV4aS3PpfkwRZbn3tsqxzvbne7OdufuoJ/kbJJG9T/NsvvPZOpBMpt+y3eTFHW44ln7ufbF5818ef9Gf9SoW7X+1EHbHc69umWpTnLpBcZ79I3jFcMjLINeHwSfBI+f7z/HuPupY4zNYbT6i+IZz8VMci7JdH0fGJy4jRPM8FhMzAUIAAAAx+iV3exmK+fHnQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJvXf/y/q1hj0Z1MM/v5/q/5a6v6p9nDcCQAAAAAAAADAC/CD3exmK+cH48dF9TP/t6vBherxO/k4m1nNRi5nKyvppZeNLCSZGQnU2lrp9TYWDrHl4r5bLp7M8QIAAAAAAADAt9Rfsrz3838AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgERTLVX1TtwqA/k0YzyXSSVrneveQfg/5p9nDcCQAAAMAJeGU3u9nK+cH4cVG953+jet8/nY+znl7W0ks3q7lZfRbQf9ff2NnudHe2O3fL9nTc3/77SGlUEdP/7GH/PV+q1mjn1p1mvc0f82G6uZlGtWXp0iCf/fO6X+ZU/KZ2yMxu1ssiKb5ffxoyGWaqipzJraxVNZqvcyur8erBlTjis/PknhbSGH7yc+EYan6uXpY1n57omi+OnH1vHFyJ5EfX/rt+u7t+5/atzbnJOaSv6clKdEYq8eZLVYn5qhIXh+Pl/D43MpfZvJ+NrOVPWUkvq5nN9aq3Up/P5ePMwZVa+sro/edl0qqfl/5d9Gg5vV1tez5r+UM+zM2s5pdZzNW8k4X8qvp3deQZvniIq75xtKv+hz+tO68lRbu/nBBlXV8dqevoPXemmhv9yl6VXnvx98bm9+rOVFI0hzlNgicrsTBSidcPrsRfH5ePm931Oxu3Vz465P5+Ui/L7xJnn/td4iTr1KrP3v4rla+eHeXc6/vOLVRzF4ZzjafmLg7nnnelturXcE9HWqzm3tx3rlPNXRqZaw/nLg9fbwEw8c797Fyr/a/239uftR+0b7ffm/7d2XfOvtXKmUdnft2cn/px463ib/ksf957/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx9m598emel213d0NHR0Rl2xn1n4iRc6d396MrmJ5/+fO3uygerH6yud+Z/sfhuZ2Hx3atXbq11V+f7j+NOk2Oyd9GPOxMAAAAAAAAAAACO4iR+nXTcxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDpsTyX5sMUWZi/PF+Od7Y73bIN+ntrNpI0y+X/kqkHyWz6LTMj4Ypn7efaF5838+X9G3uxGoP1pw7a7nDu1S1LdZJLLzDeo28crxgeYRn0+iA4jNv/AwAA///YHBzc")
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB='iocharset=cp865,utf8=1,utf8=0,utf8=1,iocharset=utf8,sys_immutable,uni_xlate=0,uni_xlate=1,uni_xlate=1,gid=', @ANYRESHEX, @ANYBLOB='A\x00'], 0x1, 0x1b1, &(0x7f0000000280)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189)
write$binfmt_format(r0, &(0x7f0000000000)='1\x00', 0x2400)
write$binfmt_misc(r0, &(0x7f0000000440)="975140c1", 0x4)

1m37.404599691s ago: executing program 3 (id=384):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000380)={0x0, {{0x2, 0x4e21, @empty}}}, 0x88)

1m36.928842779s ago: executing program 4 (id=385):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m35.439982272s ago: executing program 3 (id=386):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20c09a, &(0x7f0000000180), 0x7, 0x50d, &(0x7f00000010c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8aTet665uf/uzHv/n2W3/42vt/W/rHzR+mad3OxnvVMQzt0ksxfmL58kh/b4qtCgEAeBw8GxHPRMSLEfGVKMdYnLkZDQAAADyGmt+YuNZpAgAAAJdTISImIilUsut9J6JQqFTa1/B+IZ4s1Oq7ja+u1fe2V9OxiMkoFdY2atXZ7JraySgl6fJcq/1g+dWu5fmIeDoiPixfT5dbYwAAAMBoLHbt/39abu//AwAAAJdM75PxYyPPAwAAALg4LsYHAACAy8/+PwAAAFxq333nnXRq3j+617oPwOp7+3ub9fdurVZ3NytbeyuVlfrOncp6vb5eq1YG+I+AWr1+57XY3rs70yjuNmZ29w+Wtup7242l1n29l6rPjKAmAAAA4KSnX/joL0lEHH79emtKPZGNlXLNDHiEJMWujttfzikTYCjO/SE/U3sXkwgwct1/04Grwz4+kHR3dG0YjPfbVPhjd8eN/xvLNgcAAORj+ovO/8NVVcg7ASA3P8k7ASA3Ax+Ln7rYPIDRK7nNH1x5p87/dxnvN3Dq/H8/zea5EgIAAIZuoj07jOxc4EQUCpXKZ6cFk7WNWnU2Ij4fEX8ul66ly3M55gsAAAAAAAAAAAAAAAAAAAAAAAAAj6NmM4kmAAAAcKlFFP6eZPf/mi6/PNF9fOCJ5D/l1jwi3v/luz+/u9xo7Myl/f/6rL/xi6z/1TyOYAAAAMBVVDpztLOf3tmPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBhun90b6UzjTLuJ4txPSZ7xS/GeGs+HqWIePLfSRSPPS6JiLEhxD/8ICKe6xU/SdOKySyL7viFiLiec/ynhhAfrrKPFiPi7V7vv0JMtea933/FbHpYnyy23uQ943fWf2N91n+fGzDG8x//bqZv/A8ini/2Xv904id94r80YPzb3z846DfW/HXEdM+/P0l7Vsi+sbF1Z2Z3/+DWxtbyenW9uj0/P/fGwpsLry/Mzqxt1KrZ154xfvql3x9+2Lf+doDj8Tt1TrYz/FG/+l8esP7/fnz36Nl2s3Q6fsTNl3r//J9rzXu//unvxCvZy5OOT3fah+32cTd++6cb/XJL46/2ef3bP/9y80H84on6bw5W/vGafzXYQwCAi7S7f7C5XKtVd0bQePG14T1h0mqkW0EjSj7vRudgx6OSz3g+0a9FvrV/66Gfp7M5/DDP89eh1ZXuM/QeynGlBAAAXIgHG/15ZwIAAAAAAAAAAAAAAAAAAABXV+v//8fO+UGAL5zvk8a6Yx7mUyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJn+FwAA//9M3sFA")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)

1m35.169754585s ago: executing program 4 (id=387):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0xffffffff, 0xbe7, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m33.624235267s ago: executing program 3 (id=388):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0xffffffffffffffff)
request_key(&(0x7f0000000140)='id_legacy\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, r1)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0x406f413, 0x0)
r4 = openat$cgroup_ro(r2, &(0x7f0000000240)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
ioctl$FIBMAP(r4, 0x1, 0xfffffffffffffffe)
renameat2(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', r4, &(0x7f0000000400)='./file0\x00', 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='hrtimer_expire_entry\x00', r4, 0x0, 0x5}, 0x18)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000000)={0x7, {{0xa, 0x4e23, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast2, 0xfffffffd}}}, 0x108)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000005400000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006})
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
mlock2(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0)
close(0x3)
iopl(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32], 0x50)

1m32.525949101s ago: executing program 4 (id=389):
socket$netlink(0x10, 0x3, 0xf)
removexattr(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000})
syz_pidfd_open(r1, 0x0)
syz_clone(0x30288000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m30.04281698s ago: executing program 3 (id=390):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x2810000, &(0x7f0000000180)={[{@user_xattr}, {@nogrpid}, {@noinit_itable}, {@nogrpid}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@nojournal_checksum}, {@errors_remount}, {@jqfmt_vfsv0}, {@jqfmt_vfsv0}, {@data_err_ignore}]}, 0x1, 0x57a, &(0x7f0000000300)="$eJzs3d9rW1UcAPDvvW33U10HY6iIFPbgZC5dW39M8GE+ig4H+j5Dm5XRdBlNOtY62PbgXnyRIYg4EN/13cexf8C/YqCDIaPogy+Rm95kaZusWdet2fL5wG3PybnJud977jk5NzeXBDCwxrI/acRrEfFdEnGgrWw48sKx1fVWHlyZzpYk6vUv/k4iyR9rrp/k//fnmVcj4s43EcfSjfVWl5bniuVyaSHPj9fmL45Xl5aPn58vzpZmSxcmp6ZOvjc1+eEH729brG+f+ffHz29/cvLbIys//Hbv4M0kTsVLeVl7HLm0LaReXWvPjMVY/gIjcWrdihOPu/F9qrn/HndH0R+G8n4+EtkYcCCG8l4PvPiuRkQdGFCJ/g8DqjkPaJ7bdzgPfqHd/3j1BGhj/MOrn43Ensa50b6VZM2ZUXa+O7oN9Wd1/P7XrZvZEp0/h1gvWfcxA8CWXLseESeGhzeOf0k+/m3diR7WWV/HoL3/wE66nc1/3uk0/0lb85/oMP/Z36HvbsXm/T+9tw3VdJXN/z7qOP9tXbQaHcpzLzfmfCPJufPlUja2vRIRR2Nkd5Z/1PWckyt3693K2ud/2ZLV35wL5ttxb3j32ufMFGvFJ4m53f3rEa93nP8mrfZPOrR/tj/O9FjH4dKtN7uVbR7/01X/JeKtiLizazXfHn9T8ujrk+ON42G8eVRs9M+Nw3+0Mitry3Y6/qz993U8/lvxjybt12urj1/Hz3v+K0X9aseyrR7/u5IvG+m82eJysVZbmIjYlXy28fHJh89t5pvrZ/EfPfLo8a/T8b83Ir7qMf4bh359o1tZh/jTZ93+Mz21fzYKZu3fOhB6Ttz99OufutW/Jv5r0aX9322kjuaP9DL+9bqBT7LvAAAAAAAAoN+kjXs4k7TQSqdpobD6/Y5DsS8tV6q1Y+cqixdmVu/1HI2RtHml+0Db9yEm8u/DNvOT6/JTEXEwIr4f2tvIF6Yr5ZmdDh4AAAAAAAAAAAAAAAAAAAD6xP4u9/9n/hza6a0Dnjo/+Q2Da9P+vx2/9AT0Je//MLj0fxhc+j8MLv0fBpf+D4Mr7/8u98MA8v4Pg0v/BwAAAAAAAAAAAAAAAAAAAAAAAAAAgG115vTpbKmvPLgyneVnLi0tzlUuHZ8pVecK84vThenKwsXCbKUyWy4Vpivzm71euVK5ODEZi5fHa6Vqbby6tHx2vrJ4oXb2/HxxtnS2NPJMogIAAAAAAAAAAAAAAAAAAIDnS3Vpea5YLpcWJJ7jRBo7V/twv+wEiW1N7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/R8AAP//nI4y/w==")
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ffffffffffffffc, 0x80100000400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47d8780820335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffff000000e8f20000000200", "b73267f0fffffffff2ff00", [0x10000000000002]})
setxattr$incfs_metadata(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0)

1m27.092611952s ago: executing program 4 (id=391):
socket$packet(0x11, 0xa, 0x300)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
clock_nanosleep(0x4, 0x0, &(0x7f0000000380), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
pread64(r1, &(0x7f0000001180)=""/4107, 0x100b, 0x200280)

1m25.727624646s ago: executing program 3 (id=392):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x208000, &(0x7f00000001c0)={[{@noblock_validity}, {}, {@abort}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@barrier}]}, 0x3, 0x578, &(0x7f0000002b40)="$eJzs3V9rW+UfAPDvSdt1/36/dTCGeiGFXTiZS9fWPxOEzUvR4UDvZ2jPymi6jCYdax1su3A33sgQRByIL8B7L4dvwFcx0MGQUfXCm8hJT9asbdq0iyaazwdO+zw5J33Ok+d8n37POQkJYGCNZz8KES9GxBdJxJGWdcORrxxf2271yc2ZbEmiXv/o1ySS/LHm9kn++1BeeSEifvws4lRhc7vV5ZX5UrmcLub1idrCtYnq8srpKwuluXQuvTo1PX32jempt996s2t9ffXiH19/+OC9s5+fWP3q+0dH7yVxPg7n61r78Rxut1bGYzx/TUbi/IYNJ7vQWD9Jer0D7MlQHucjkc0BR2Ioj3rgv+9WRNSBAZWIfxhQzTwgO//d19tUpCcev7t2AtS8trF+HWB47dpI7G+cGx1cTZ45M8rOd8e60H7Wxg+/3L+XLbHDdYhbXWgPoOn2nYg4Mzy8ef5L8vlv7840Lh5vb2Mbbea/+mg0pmKgix5k+c9rW+U/haf5T2yR/xzaInb3Yuf4LzzqQjNtZfnfO7F1/3NjQ3ntf42cbyS5fKWcnomI/0fEyRgZzerb3c85u/qw3m5da/6XLVn7zVww349Hw6PPPme2VCs9T59bPb4T8dJ6/pvEpvl/fyPX3Tj+2etxscM2jqf3X263buf+t+p+Blz/LuKVLcd//Y5Wsv39yYnG8TDRPCo2+/3u8Z/atb+7/ndfNv4Ht+//WNJ6v7a6+za+3f9n2m7dXo//fcnHjXLznPVGqVZbnIzYl3yw+fGp9ec2683ts/6fPLH9/LfV8X8gIj7psP93j91tu2k/jP/srsZ/94WH73/6Tbv2Oxv/1xulk/kjncx/ne7g87x2AAAAAAAA0G8KEXE4kkLxablQKBbX3t9xLA4WypVq7dTlytLV2Wh8VnYsRgrNO91HWt4PMZm/H7ZZn9pQn46IoxHx5dCBRr04UynP9rrzAAAAAAAAAAAAAAAAAAAA0CcOtfn8f+bnoV7vHfC385XfMLh2jP9ufNMT0Jf8/4fBJf5hcIl/GFziHwaX+IfBJf5hcIl/GFziHwAAAAAAAAAAAAAAAAAAAAAAAAAAALrq4oUL2VJffXJzJqvPXl9emq9cPz2bVueLC0szxZnK4rXiXKUyV06LM5WFnf5euVK5NjkVSzcmamm1NlFdXrm0UFm6Wrt0ZaE0l15KR/6RXgEAAAAAAAAAAAAAAAAAAMC/S3V5Zb5ULqeLCm0L56IvdmPPhWSnUT6XHwx7amK49x1U6LAw+lvnG/d4YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAFn8FAAD//4WDL3k=")
open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
truncate(&(0x7f0000000000)='./file1\x00', 0x8001)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc1})
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)={0x2, [0x5, 0x2], 0x1ff}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2)
io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0)

1m24.430384652s ago: executing program 3 (id=393):
r0 = fsopen(&(0x7f0000000080)='selinuxfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000100)=""/46, 0x8d)
getdents64(r2, 0xfffffffffffffffe, 0x29)

1m20.802298504s ago: executing program 37 (id=393):
r0 = fsopen(&(0x7f0000000080)='selinuxfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000100)=""/46, 0x8d)
getdents64(r2, 0xfffffffffffffffe, 0x29)

1m11.128763735s ago: executing program 38 (id=391):
socket$packet(0x11, 0xa, 0x300)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
clock_nanosleep(0x4, 0x0, &(0x7f0000000380), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
pread64(r1, &(0x7f0000001180)=""/4107, 0x100b, 0x200280)

19.362365465s ago: executing program 0 (id=411):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @dev}]}, 0x20}}, 0x0)

18.34715102s ago: executing program 0 (id=412):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r0 = gettid()
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)

17.224236261s ago: executing program 0 (id=414):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sendmsg(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r1], 0x10}, 0xd0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r5 = io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0xc89e, 0xc000, 0x8, 0x20002f7})
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x88}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x80)

14.402313949s ago: executing program 0 (id=415):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x10000, &(0x7f0000000940)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}, {@dax_always}, {@resgid}, {@bsdgroups}, {@usrjquota}, {@jqfmt_vfsv0}]}, 0x5, 0x455, &(0x7f0000000e80)="$eJzs281vG0UbAPBnN0n7vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWEQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTka73k1tN06a1rFD/ftJTma8Y888nh17dsYOoG+NZn+SiB0R8VtEDNezzQVG6/+uX12s/H11sZJErfbWn0le7trVxUpZtHzc9iIzlkaknyRFJc3mz50/NV2tzp4t8hMLp9+bmD93/tmTp6dPzJ6YPTN15MjhQ5MvPD/1XEfizOK6tu/Duf17X3vn0uuVY5fe/enbrL07iuONcXTKaBb4X7Vc67EnOl1Zj+1sSCeDPWwI6zIQEVl3DeXjfzgG4kbnDcerH0fUtva0gcCGyT6bVhngSzXgLpZEr1sA9EYsz/cXK9k18EZcB29mV16qXwBlcV8vbvUjg5EWZYZarm87aTQiji3981V2iw1ahwAAaPRZ5cuj8Ux93tE8/0vj/oZyu4o9lJGIuCcidkfEvRGxJyLui8jLPhARD66z/htbQ/Vdg5vnP+nl249ubdn878Vib6t5/lfO/mJkoMjtzOMfSo6frM4eLF6TsRjamuUnV6nj+1d+/bzdscb5X3bL6i/ngkU7Lg+2LNDNTC9M55PSDrjyUcS+wZXiT5avDJKI2BsR+9b31LvKxMmnvtnfrtDa8a+iA/tMta8jnqz3/1K0xF9KVt+fnPhfVGcPTpRnxc1+/uXim+3qv6P4OyDr/23N539rkZGkcb92fv11XPz907bXNLd7/m9J3s77ZUtx3wfTCwtnJyO2JEfzfNP9UzceW+bL8ln8YwdWHv+7i8dk9TwUEdlJ/HBEPBIRjxZtfywiHo+IA6vE/+PL7Y9thv6fWfH9b/n8b+n/9ScGTv3wXbv6b63/D+epseKe/P1vDbfawDt57QAAAOC/Is2/A5+k48vpNB0fr3+Hf09sS6tz8wtPH597/8xM/bvyIzGUlitdww3roZPJUvGM9fxUsVZcHj9UrBt/MfD/PD9emavO9Dh26Hfb24z/zB8DvW4dsOFW2kebKndQki43Buiq1vGfNmcvvNHNxgBd5ffa0L/WGP9pt9oBdJ/Pf+hfK43/Cy15ewFwd/L5D/3L+If+ZfxD/zL+oS/dye/6Jfo5EemmaIbEBiV6/c4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQGf8GAAD//yHV7fc=")
setreuid(0xee01, 0x0)
ioprio_get$uid(0x3, 0xee01)

13.756721191s ago: executing program 0 (id=416):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x6568, 0x4)
recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0xffffffffffffff7c, 0x0, 0x0, &(0x7f0000002000)=""/6, 0x11}, 0x7}], 0x1, 0x102, 0x0)

12.861776095s ago: executing program 0 (id=417):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1101, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r3, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$bt_sco(r2, &(0x7f00000001c0), 0x37)
setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f00000000c0)=0xfffffffe, 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
setpriority(0x1, r1, 0x1785)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0}, 0x94)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x2, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0xa, &(0x7f0000000040)=0x3d, 0x4)

10.346217385s ago: executing program 1 (id=419):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x4c10, &(0x7f0000002b40), 0x26, 0x75c, &(0x7f0000000b00)="$eJzs3M1rHGUYAPBnJtmkTaMbQfDjIEILFko3SXNpT40Xb4VCwWsNySSETLIhu6ndWLD1LNTmoiCIePboVSj1D/AmBQXvgmiNB/GyMptNatNsum3Srqa/H0z3eefjfd6nO7zsQN4J4Ln1ZvFPEjEcERcjotzen0bEQCs6EnF987yNe9emiy2JZvPSb0lxWWw0y9t9Je3PY9G6JF6NiDuliFMfPZy31lhbmMrzbKXdHq0vLo/WGmtD84tTc9lctjQ+cW7s7MTE2bGJR9bwSpe1nnj33NFb37+zvv7DN/Wbb/SfTmKyVXe0a+uym8ey+X9Siskd+5eeRrIeSno9AAAAulL8zu+LiP7Wr9Ry9LUiAAAA4DBpDjYBAACAQy+JPQ4e2esgAAAA8P+w9XcAW2t7n9Y62E5+fTsiRnbL399aQxxxJEoRMbSRPLAyIdm8DPbl+o2IuD258/77qrjDru+z77Ed7QfXSA/ss3cOwu1i/pncbf5Jt+ef2GX+6d96d8I+dZ7/7ufv6zD/Xewyx7dfvFbqmP9GxOv9u+VPtvMnHfK/12X+m+sf33rUObvl/3eurfdDnH74/RCTs/P5nq8fuPP3ybudjhX1D3XK3+q1c/3LXdRe+GDjj4VOc0mR/+Txvb//3fIX98Qn7XGkEXGr/Vm013fkOL7443d71T8T0XyS7//LLuv/+evBq12eCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1pRAxHkla24zStVCKORcTLMZTm1Vr91Gx1dWmmOBYxEqV0dj7PxiKivNlOivZ4K77fPrOjPRERL/10dDPpfJ5Vpqv5TK+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNuxiBiOJK1ERBoRf5bTtFKJ6O/i2sFnMD4AAADggIz0egAAAADAU+f5HwAAAA6/J33+Tw54HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMChdvHChWJrbty7Nl20Z640VheqV07PZLWFyuLqdGW6urJcmatW5/KsMl1dfFR/ebW6PH4uVq+O1rNafbTWWLu8WF1dql+eX5yayy5npWdSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI9ruLUlaSUi0lacppVKxAsRMRKlZHY+z8Yi4sWIuFsuDRbt8V4PGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgANXa6wtTOV5tiIQCJ5Z8GFE/AeGsUfQ65kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBeqDXWFqbyPFup9XokAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fb6SxIRxfZW+cTwjoN9A8lf5SIYiIj3P7/06dWpen1lPGIg+X17f/2z9v4zPSkAAAAAngfnH+fkref0red4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbtUaawtTeZ6t7C84H421ZtLhnF7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJl/AgAA///CK8Nb")
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x82400, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, 0x0)

7.204631641s ago: executing program 1 (id=420):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = dup(r1)
rt_sigaction(0x20, 0x0, &(0x7f0000000380)={&(0x7f0000000140)="f20f8e341b341bf82b710026f3440faedac4e27d1d318f491891c6c4617167302e3e660fe6a30e000000f04383720406426e420f01da", 0x0, 0x0}, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.090414847s ago: executing program 1 (id=421):
r0 = fanotify_init(0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
inotify_add_watch(r0, 0x0, 0x84)

3.810718223s ago: executing program 7 (id=364):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
accept4(r0, 0x0, 0x0, 0x0)

3.012503925s ago: executing program 7 (id=422):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40086610, 0x0)

2.862994357s ago: executing program 1 (id=423):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x5)
fchdir(r1)
openat(0xffffffffffffff9c, &(0x7f0000001400)='./file0\x00', 0x20000, 0x109)

1.941289818s ago: executing program 7 (id=424):
r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b\x06%\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80{\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6h)\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3', 0x0)
r1 = dup(r0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000380)={0x0, 0x2, 0xd, 0xffffffffffffffff})

1.587186301s ago: executing program 1 (id=425):
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r1, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x5}})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f00000000c0))
tkill(r0, 0x7)

733.30522ms ago: executing program 7 (id=426):
syz_mount_image$hfsplus(&(0x7f00000002c0), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0xff, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf")
setxattr$trusted_overlay_upper(&(0x7f00000003c0)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x835, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')

0s ago: executing program 1 (id=427):
unshare(0x20700)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25260000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x0)

kernel console output (not intermixed with test programs):

7682][ T6862] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  414.606165][ T6871] erofs (device loop3): mounted with root inode @ nid 36.
[  415.017737][ T1746] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  415.227656][ T1746] usb 4-1: device descriptor read/64, error -71
[  415.537786][ T1746] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  415.752218][ T1746] usb 4-1: device descriptor read/64, error -71
[  415.819064][   T42] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  416.105259][ T6881] loop4: detected capacity change from 0 to 512
[  416.151454][ T6884] loop2: detected capacity change from 0 to 1764
[  416.229546][ T6881] ext2: Unknown parameter 'func'
[  416.242541][ T6884] iso9660: Unknown parameter 'g'
[  416.695399][ T6886] loop5: detected capacity change from 0 to 32768
[  416.708291][ T1746] usb usb4-port1: attempt power cycle
[  416.781145][ T6886] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.206 (6886)
[  416.894550][   T42] usb 1-1: Using ep0 maxpacket: 16
[  416.934359][   T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.946134][   T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.956544][   T42] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  416.965980][   T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.108648][ T1746] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  417.186696][ T1746] usb 4-1: device descriptor read/8, error -71
[  417.253977][   T42] usb 1-1: config 0 descriptor??
[  417.468140][ T6886] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  417.480446][ T6886] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  417.496189][ T6886] BTRFS info (device loop5): using free-space-tree
[  417.517729][ T1746] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  418.112131][   T42] corsair 0003:1B1C:1B02.0008: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.0-1/input0
[  418.390015][ T1746] usb 4-1: device descriptor read/8, error -71
[  418.502378][ T1746] usb usb4-port1: unable to enumerate USB device
[  418.543569][ T6882] loop0: detected capacity change from 0 to 512
[  418.829687][ T6882] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0
[  418.841001][ T6882] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  418.851914][ T6882] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.204: Failed to acquire dquot type 1
[  418.979460][ T6882] EXT4-fs (loop0): 1 truncate cleaned up
[  418.988090][ T6882] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  419.001325][ T6882] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  419.041255][ T6069] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  419.524949][ T6920] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  419.588756][ T1746] usb 1-1: USB disconnect, device number 7
[  419.605865][ T6920] syzkaller0: entered promiscuous mode
[  419.613775][ T6920] syzkaller0: entered allmulticast mode
[  419.879913][ T6919] tipc: Resetting bearer <eth:syzkaller0>
[  420.004816][ T6919] tipc: Disabling bearer <eth:syzkaller0>
[  420.823759][ T5811] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.100946][ T6936] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  421.183245][ T6926] fido_id[6926]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  421.447044][ T6936] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  421.662699][ T6936] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  421.675065][ T6936] iommufd_mock iommufd_mock3: Adding to iommu group 3
[  421.692139][ T6936] iommufd_mock iommufd_mock4: Adding to iommu group 4
[  421.867794][ T6936] iommufd_mock iommufd_mock5: Adding to iommu group 5
[  421.896151][ T6936] iommufd_mock iommufd_mock6: Adding to iommu group 6
[  421.908202][ T6936] iommufd_mock iommufd_mock7: Adding to iommu group 7
[  421.987567][ T6936] iommufd_mock iommufd_mock8: Adding to iommu group 8
[  422.004276][ T6936] iommufd_mock iommufd_mock9: Adding to iommu group 9
[  422.017571][ T6936] iommufd_mock iommufd_mock10: Adding to iommu group 10
[  422.137683][ T6947] loop3: detected capacity change from 0 to 256
[  422.155626][ T6947] exfat: Deprecated parameter 'namecase'
[  422.162014][ T6947] exfat: Deprecated parameter 'utf8'
[  422.251104][ T6936] iommufd_mock iommufd_mock11: Adding to iommu group 11
[  422.263682][ T6936] iommufd_mock iommufd_mock12: Adding to iommu group 12
[  422.275440][ T6936] iommufd_mock iommufd_mock13: Adding to iommu group 13
[  422.354598][ T6936] iommufd_mock iommufd_mock14: Adding to iommu group 14
[  422.366834][ T6936] iommufd_mock iommufd_mock15: Adding to iommu group 15
[  422.378979][ T6936] iommufd_mock iommufd_mock16: Adding to iommu group 16
[  422.390974][ T6936] iommufd_mock iommufd_mock17: Adding to iommu group 17
[  422.408631][ T6936] iommufd_mock iommufd_mock18: Adding to iommu group 18
[  422.420760][ T6936] iommufd_mock iommufd_mock19: Adding to iommu group 19
[  422.432450][ T6936] iommufd_mock iommufd_mock20: Adding to iommu group 20
[  422.444292][ T6936] iommufd_mock iommufd_mock21: Adding to iommu group 21
[  422.456571][ T6936] iommufd_mock iommufd_mock22: Adding to iommu group 22
[  422.468482][ T6936] iommufd_mock iommufd_mock23: Adding to iommu group 23
[  422.515636][ T6947] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  422.634868][ T6936] iommufd_mock iommufd_mock24: Adding to iommu group 24
[  422.647364][ T6936] iommufd_mock iommufd_mock25: Adding to iommu group 25
[  422.659267][ T6936] iommufd_mock iommufd_mock26: Adding to iommu group 26
[  422.671409][ T6936] iommufd_mock iommufd_mock27: Adding to iommu group 27
[  422.683440][ T6936] iommufd_mock iommufd_mock28: Adding to iommu group 28
[  422.696110][ T6936] iommufd_mock iommufd_mock29: Adding to iommu group 29
[  422.714810][ T6936] iommufd_mock iommufd_mock30: Adding to iommu group 30
[  422.727893][ T6936] iommufd_mock iommufd_mock31: Adding to iommu group 31
[  422.739891][ T6936] iommufd_mock iommufd_mock32: Adding to iommu group 32
[  422.752086][ T6936] iommufd_mock iommufd_mock33: Adding to iommu group 33
[  422.763984][ T6936] iommufd_mock iommufd_mock34: Adding to iommu group 34
[  422.775656][ T6936] iommufd_mock iommufd_mock35: Adding to iommu group 35
[  422.787732][ T6936] iommufd_mock iommufd_mock36: Adding to iommu group 36
[  422.799900][ T6936] iommufd_mock iommufd_mock37: Adding to iommu group 37
[  422.817704][ T6936] iommufd_mock iommufd_mock38: Adding to iommu group 38
[  422.830279][ T6936] iommufd_mock iommufd_mock39: Adding to iommu group 39
[  422.842025][ T6936] iommufd_mock iommufd_mock40: Adding to iommu group 40
[  422.853773][ T6936] iommufd_mock iommufd_mock41: Adding to iommu group 41
[  422.883015][ T6936] iommufd_mock iommufd_mock42: Adding to iommu group 42
[  422.895057][ T6936] iommufd_mock iommufd_mock43: Adding to iommu group 43
[  422.907034][ T6936] iommufd_mock iommufd_mock44: Adding to iommu group 44
[  422.924051][ T6936] iommufd_mock iommufd_mock45: Adding to iommu group 45
[  422.937876][ T6936] iommufd_mock iommufd_mock46: Adding to iommu group 46
[  422.950490][ T6936] iommufd_mock iommufd_mock47: Adding to iommu group 47
[  422.962273][ T6936] iommufd_mock iommufd_mock48: Adding to iommu group 48
[  422.974466][ T6936] iommufd_mock iommufd_mock49: Adding to iommu group 49
[  422.986475][ T6936] iommufd_mock iommufd_mock50: Adding to iommu group 50
[  422.998518][ T6936] iommufd_mock iommufd_mock51: Adding to iommu group 51
[  423.168940][   T30] audit: type=1326 audit(1755214757.886:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.0.219" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f563798ebe9 code=0x0
[  423.329312][ T6936] iommufd_mock iommufd_mock52: Adding to iommu group 52
[  423.532791][ T6936] iommufd_mock iommufd_mock53: Adding to iommu group 53
[  423.611947][ T6936] iommufd_mock iommufd_mock54: Adding to iommu group 54
[  423.624799][ T6936] iommufd_mock iommufd_mock55: Adding to iommu group 55
[  423.650036][ T6936] iommufd_mock iommufd_mock56: Adding to iommu group 56
[  423.728815][ T6936] iommufd_mock iommufd_mock57: Adding to iommu group 57
[  423.748655][ T6936] iommufd_mock iommufd_mock58: Adding to iommu group 58
[  423.761247][ T6936] iommufd_mock iommufd_mock59: Adding to iommu group 59
[  423.773836][ T6936] iommufd_mock iommufd_mock60: Adding to iommu group 60
[  423.786437][ T6936] iommufd_mock iommufd_mock61: Adding to iommu group 61
[  423.799074][ T6936] iommufd_mock iommufd_mock62: Adding to iommu group 62
[  423.811458][ T6936] iommufd_mock iommufd_mock63: Adding to iommu group 63
[  423.823712][ T6936] iommufd_mock iommufd_mock64: Adding to iommu group 64
[  424.091660][ T6964] loop0: detected capacity change from 0 to 1024
[  424.528976][ T6964] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.576636][ T6969] loop3: detected capacity change from 0 to 16
[  424.730299][ T6969] erofs (device loop3): rootino(nid 36) is not a directory(i_mode 66300)
[  425.788406][    T9] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  426.018930][    T9] usb 6-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  426.022107][ T1746] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  426.028525][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.138239][ T6969] loop3: detected capacity change from 0 to 2048
[  426.197114][ T1746] usb 5-1: device descriptor read/64, error -71
[  426.243746][    T9] usb 6-1: config 0 descriptor??
[  426.326565][ T6969] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  426.364902][    T9] usb 6-1: selecting invalid altsetting 3
[  426.371269][    T9] comedi comedi5: could not set alternate setting 3 in high speed
[  426.379684][    T9] usbduxsigma 6-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  426.473596][ T1746] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  426.540248][ T6987] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  426.609837][    T9] usbduxsigma 6-1:0.0: probe with driver usbduxsigma failed with error -22
[  426.645379][    T9] usb 6-1: USB disconnect, device number 4
[  426.688105][ T1746] usb 5-1: device descriptor read/64, error -71
[  426.721738][ T6986] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  426.788732][ T6988] syzkaller0: entered promiscuous mode
[  426.794469][ T6988] syzkaller0: entered allmulticast mode
[  426.861699][ T1746] usb usb5-port1: attempt power cycle
[  426.944969][ T6986] tipc: Resetting bearer <eth:syzkaller0>
[  426.980143][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  427.151332][ T6985] tipc: Resetting bearer <eth:syzkaller0>
[  427.189709][ T6985] tipc: Disabling bearer <eth:syzkaller0>
[  427.306287][ T1746] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  427.346798][ T1746] usb 5-1: device descriptor read/8, error -71
[  427.628060][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  427.646316][ T1746] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  427.749572][ T1746] usb 5-1: device descriptor read/8, error -71
[  427.867580][ T1746] usb usb5-port1: unable to enumerate USB device
[  428.247151][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  428.363879][ T1746] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  428.604906][ T1746] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  428.616761][ T1746] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  428.627032][ T1746] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  428.640313][ T1746] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  428.654327][ T1746] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.770880][ T1746] usb 6-1: config 0 descriptor??
[  429.192067][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  429.268828][ T1746] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0
[  429.276447][ T1746] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0
[  429.283924][ T1746] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0
[  429.291984][ T1746] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0
[  429.299671][ T1746] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0
[  429.395796][ T7005] loop3: detected capacity change from 0 to 64
[  429.473599][ T1746] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.5-1/input0
[  429.649615][ T1746] usb 6-1: USB disconnect, device number 5
[  430.175928][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  430.425278][ T7002] loop2: detected capacity change from 0 to 40427
[  430.487084][ T7002] F2FS-fs (loop2): invalid crc value
[  430.987983][ T7002] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  431.166699][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  431.246853][ T7002] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  431.328091][ T7002] FAULT_INJECTION: forcing a failure.
[  431.328091][ T7002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.341876][ T7002] CPU: 0 UID: 0 PID: 7002 Comm: syz.2.230 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  431.342044][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  431.342131][ T7002] Call Trace:
[  431.342185][ T7002]  <TASK>
[  431.342238][ T7002]  __dump_stack+0x26/0x30
[  431.342439][ T7002]  dump_stack_lvl+0x1df/0x270
[  431.342637][ T7002]  dump_stack+0x1e/0x25
[  431.342809][ T7002]  should_fail_ex+0x7dc/0x8a0
[  431.343042][ T7002]  should_fail+0x2a/0x40
[  431.343234][ T7002]  should_fail_usercopy+0x2e/0x40
[  431.343382][ T7002]  _copy_to_user+0x35/0x120
[  431.343546][ T7002]  simple_read_from_buffer+0x1b2/0x340
[  431.343751][ T7002]  proc_fail_nth_read+0x1e0/0x2d0
[  431.343927][ T7002]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  431.344089][ T7002]  vfs_read+0x279/0xf90
[  431.344254][ T7002]  ? stack_depot_save_flags+0x35/0x7b0
[  431.344462][ T7002]  ? kmsan_get_metadata+0xfb/0x160
[  431.344636][ T7002]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  431.344814][ T7002]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  431.345006][ T7002]  __x64_sys_read+0x1fb/0x4d0
[  431.345215][ T7002]  x64_sys_call+0x2f9c/0x3e20
[  431.345405][ T7002]  do_syscall_64+0xd9/0x210
[  431.345596][ T7002]  ? irqentry_exit+0x16/0x60
[  431.345755][ T7002]  ? clear_bhb_loop+0x40/0x90
[  431.345919][ T7002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.346079][ T7002] RIP: 0033:0x7f98d6f8d5fc
[  431.346191][ T7002] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  431.346318][ T7002] RSP: 002b:00007f98d7e37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  431.346491][ T7002] RAX: ffffffffffffffda RBX: 00007f98d71b5fa0 RCX: 00007f98d6f8d5fc
[  431.346611][ T7002] RDX: 000000000000000f RSI: 00007f98d7e370a0 RDI: 0000000000000006
[  431.346705][ T7002] RBP: 00007f98d7e37090 R08: 0000000000000000 R09: 0000000000000000
[  431.346803][ T7002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.346897][ T7002] R13: 00007f98d71b6038 R14: 00007f98d71b5fa0 R15: 00007ffff6bcca88
[  431.347051][ T7002]  </TASK>
[  431.556629][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.662964][ T7008] loop4: detected capacity change from 0 to 32768
[  431.673330][ T7008] XFS: ikeep mount option is deprecated.
[  431.744463][ T7016] loop5: detected capacity change from 0 to 64
[  431.808830][ T7008] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  432.007915][ T7013] loop3: detected capacity change from 0 to 256
[  432.074027][ T7013] exfat: Deprecated parameter 'namecase'
[  432.084192][ T7013] exfat: Deprecated parameter 'utf8'
[  432.117367][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  432.242782][ T7008] XFS (loop4): Ending clean mount
[  432.272044][ T7008] XFS (loop4): Quotacheck needed: Please wait.
[  432.390703][ T7013] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  432.686979][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  432.781403][ T7008] XFS (loop4): Quotacheck: Done.
[  432.932152][ T5814] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  433.329379][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  433.626598][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  433.685693][ T7035] loop5: detected capacity change from 0 to 16
[  433.737017][ T7035] erofs (device loop5): mounted with root inode @ nid 36.
[  434.208467][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  434.233661][ T7039] syzkaller0: entered promiscuous mode
[  434.239678][ T7039] syzkaller0: entered allmulticast mode
[  434.786501][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  434.952903][ T7044] netlink: 12 bytes leftover after parsing attributes in process `syz.5.238'.
[  435.076165][ T7046] netlink: 68 bytes leftover after parsing attributes in process `syz.4.235'.
[  435.078321][ T7044] netlink: 'syz.5.238': attribute type 1 has an invalid length.
[  435.369859][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  436.101419][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  436.297895][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  436.900420][ T7063] loop3: detected capacity change from 0 to 64
[  436.933298][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  437.608637][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  438.100192][ T7072] loop2: detected capacity change from 0 to 64
[  438.380666][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  438.953792][ T7075] loop3: detected capacity change from 0 to 2048
[  439.249912][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  439.394009][ T7078] fido_id[7078]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  439.870894][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  440.170379][ T7085] loop3: detected capacity change from 0 to 256
[  440.173669][ T7085] exfat: Unknown parameter 'ioscard�}�K¼éÚT¸'
[  440.565104][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  440.697275][ T7089] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  440.718197][ T7088] syzkaller0: entered promiscuous mode
[  440.718314][ T7088] syzkaller0: entered allmulticast mode
[  440.869687][ T7088] tipc: Resetting bearer <eth:syzkaller0>
[  440.948971][ T7087] tipc: Resetting bearer <eth:syzkaller0>
[  441.043983][ T7087] tipc: Disabling bearer <eth:syzkaller0>
[  441.359409][ T5811] EXT4-fs error (device loop0): ext4_empty_dir:3113: inode #11: block 8192: comm syz-executor: Attempting to read directory block (8192) that is past i_size (8388864)
[  442.208593][ T7097] netlink: 117 bytes leftover after parsing attributes in process `syz.5.251'.
[  443.271597][ T7113] loop4: detected capacity change from 0 to 64
[  443.462983][ T7112] netlink: 'syz.3.257': attribute type 16 has an invalid length.
[  443.471573][ T7112] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.257'.
[  443.512519][ T7116] cifs: Unknown parameter 'no'‘a�£Nð[G¶zob,erèèµ;%j¸¼
[  443.512519][ T7116] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.�W1ȱ¨nNCº"†CÙ׈¡E)Ð8+€î¶á÷™¿1®ðÚ<“™+`# ÷Ž¢k²–'
[  443.965771][ T5110] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  444.001274][ T5110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  444.020250][ T5110] Bluetooth: hci1: command 0x0406 tx timeout
[  444.045625][ T5110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  444.061916][   T50] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  444.091078][   T50] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  444.285087][ T7118] netlink: 'syz.2.258': attribute type 32 has an invalid length.
[  444.361843][ T7118] loop2: detected capacity change from 0 to 1024
[  444.684093][ T7127] loop3: detected capacity change from 0 to 128
[  444.700790][ T7130] loop4: detected capacity change from 0 to 256
[  445.467031][ T7132] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  445.740557][ T7131] tipc: Resetting bearer <eth:syzkaller0>
[  446.037923][ T7126] tipc: Disabling bearer <eth:syzkaller0>
[  446.254267][ T5807] Bluetooth: hci5: command tx timeout
[  446.727718][ T7145] loop3: detected capacity change from 0 to 32768
[  447.772341][ T7159] capability: warning: `syz.3.266' uses 32-bit capabilities (legacy support in use)
[  447.915549][ T7159] FAULT_INJECTION: forcing a failure.
[  447.915549][ T7159] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  447.929471][ T7159] CPU: 0 UID: 0 PID: 7159 Comm: syz.3.266 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  447.929636][ T7159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  447.929730][ T7159] Call Trace:
[  447.929784][ T7159]  <TASK>
[  447.929838][ T7159]  __dump_stack+0x26/0x30
[  447.930030][ T7159]  dump_stack_lvl+0x1df/0x270
[  447.930230][ T7159]  dump_stack+0x1e/0x25
[  447.930408][ T7159]  should_fail_ex+0x7dc/0x8a0
[  447.930642][ T7159]  should_fail+0x2a/0x40
[  447.930831][ T7159]  should_fail_usercopy+0x2e/0x40
[  447.930980][ T7159]  _copy_to_user+0x35/0x120
[  447.931196][ T7159]  simple_read_from_buffer+0x1b2/0x340
[  447.931431][ T7159]  proc_fail_nth_read+0x1e0/0x2d0
[  447.931607][ T7159]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  447.931767][ T7159]  vfs_read+0x279/0xf90
[  447.931930][ T7159]  ? stack_depot_save_flags+0x35/0x7b0
[  447.932136][ T7159]  ? kmsan_get_metadata+0xfb/0x160
[  447.932317][ T7159]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  447.932495][ T7159]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  447.932689][ T7159]  __x64_sys_read+0x1fb/0x4d0
[  447.932897][ T7159]  x64_sys_call+0x2f9c/0x3e20
[  447.933102][ T7159]  do_syscall_64+0xd9/0x210
[  447.933289][ T7159]  ? irqentry_exit+0x16/0x60
[  447.933445][ T7159]  ? clear_bhb_loop+0x40/0x90
[  447.933610][ T7159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.933772][ T7159] RIP: 0033:0x7ffa6ed8d5fc
[  447.933887][ T7159] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  447.934015][ T7159] RSP: 002b:00007ffa6fb3d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  447.934159][ T7159] RAX: ffffffffffffffda RBX: 00007ffa6efb5fa0 RCX: 00007ffa6ed8d5fc
[  447.934275][ T7159] RDX: 000000000000000f RSI: 00007ffa6fb3d0a0 RDI: 0000000000000004
[  447.934369][ T7159] RBP: 00007ffa6fb3d090 R08: 0000000000000000 R09: 0000000000000000
[  447.934458][ T7159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.934549][ T7159] R13: 00007ffa6efb6038 R14: 00007ffa6efb5fa0 R15: 00007fff848e2138
[  447.934688][ T7159]  </TASK>
[  448.223662][   T42] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  448.344124][ T5807] Bluetooth: hci5: command tx timeout
[  448.542141][   T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  448.553896][   T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  448.564692][   T42] usb 6-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  448.574243][   T42] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.727697][ T7165] loop4: detected capacity change from 0 to 64
[  448.727887][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.787606][   T42] usb 6-1: config 0 descriptor??
[  448.794724][ T5811] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.836124][ T7169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.270'.
[  448.935300][ T7169] team_slave_0: entered promiscuous mode
[  448.941331][ T7169] team_slave_1: entered promiscuous mode
[  448.947696][ T7169] macsec1: entered promiscuous mode
[  448.953696][ T7169] team0: entered promiscuous mode
[  448.962577][ T7169] macsec1: entered allmulticast mode
[  448.968299][ T7169] team0: entered allmulticast mode
[  448.973860][ T7169] team_slave_0: entered allmulticast mode
[  448.979818][ T7169] team_slave_1: entered allmulticast mode
[  448.993862][ T7169] team0: Device macsec1 is already an upper device of the team interface
[  449.345667][   T42] zydacron 0003:13EC:0006.000A: unknown main item tag 0x1
[  449.353405][   T42] zydacron 0003:13EC:0006.000A: unknown main item tag 0x6
[  449.364621][ T7169] team0: left allmulticast mode
[  449.369722][ T7169] team_slave_0: left allmulticast mode
[  449.375854][ T7169] team_slave_1: left allmulticast mode
[  449.381606][ T7169] team0: left promiscuous mode
[  449.392035][ T7169] team_slave_0: left promiscuous mode
[  449.397885][ T7169] team_slave_1: left promiscuous mode
[  449.499706][ T7161] loop5: detected capacity change from 0 to 16
[  449.541781][   T42] zydacron 0003:13EC:0006.000A: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.5-1/input0
[  449.638487][ T7161] erofs (device loop5): mounted with root inode @ nid 36.
[  449.774837][   T42] usb 6-1: USB disconnect, device number 6
[  449.931320][ T7179] FAULT_INJECTION: forcing a failure.
[  449.931320][ T7179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.949738][ T7179] CPU: 1 UID: 0 PID: 7179 Comm: syz.2.271 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  449.949905][ T7179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  449.949994][ T7179] Call Trace:
[  449.950057][ T7179]  <TASK>
[  449.950110][ T7179]  __dump_stack+0x26/0x30
[  449.950304][ T7179]  dump_stack_lvl+0x1df/0x270
[  449.950496][ T7179]  dump_stack+0x1e/0x25
[  449.950659][ T7179]  should_fail_ex+0x7dc/0x8a0
[  449.950881][ T7179]  should_fail+0x2a/0x40
[  449.951074][ T7179]  should_fail_usercopy+0x2e/0x40
[  449.951212][ T7179]  _copy_from_user+0x33/0x100
[  449.951366][ T7179]  netlink_setsockopt+0x609/0xd80
[  449.951552][ T7179]  ? __pfx_netlink_setsockopt+0x10/0x10
[  449.951717][ T7179]  __sys_setsockopt+0x43b/0x580
[  449.951898][ T7179]  __x64_sys_setsockopt+0xf4/0x1a0
[  449.952085][ T7179]  x64_sys_call+0x27c9/0x3e20
[  449.952278][ T7179]  do_syscall_64+0xd9/0x210
[  449.952459][ T7179]  ? irqentry_exit+0x16/0x60
[  449.952622][ T7179]  ? clear_bhb_loop+0x40/0x90
[  449.952792][ T7179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.952953][ T7179] RIP: 0033:0x7f98d6f8ebe9
[  449.953077][ T7179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.953207][ T7179] RSP: 002b:00007f98d7e37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  449.953341][ T7179] RAX: ffffffffffffffda RBX: 00007f98d71b5fa0 RCX: 00007f98d6f8ebe9
[  449.953457][ T7179] RDX: 0000000000000001 RSI: 000000000000010e RDI: 0000000000000003
[  449.953545][ T7179] RBP: 00007f98d7e37090 R08: 0000000000000004 R09: 0000000000000000
[  449.953637][ T7179] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.953735][ T7179] R13: 00007f98d71b6038 R14: 00007f98d71b5fa0 R15: 00007ffff6bcca88
[  449.953879][ T7179]  </TASK>
[  450.294618][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  450.413320][ T5807] Bluetooth: hci5: command tx timeout
[  450.544608][ T7119] chnl_net:caif_netlink_parms(): no params data found
[  450.741609][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.039986][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.078642][ T7180] fido_id[7180]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  451.546461][   T30] audit: type=1326 audit(1755214786.279:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  451.569430][   T30] audit: type=1326 audit(1755214786.279:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  451.663675][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  451.873228][   T42] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  451.916694][   T30] audit: type=1326 audit(1755214786.489:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  451.925105][    T9] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  451.939547][   T30] audit: type=1326 audit(1755214786.489:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  451.948797][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.971314][   T30] audit: type=1326 audit(1755214786.509:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.006163][   T30] audit: type=1326 audit(1755214786.509:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.029827][   T30] audit: type=1326 audit(1755214786.509:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.052548][   T30] audit: type=1326 audit(1755214786.509:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.075333][   T30] audit: type=1326 audit(1755214786.509:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.102094][   T30] audit: type=1326 audit(1755214786.549:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa6ed8ebe9 code=0x7ffc0000
[  452.221264][   T12] bridge_slave_1: left allmulticast mode
[  452.227688][   T12] bridge_slave_1: left promiscuous mode
[  452.234735][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.274366][   T12] bridge_slave_0: left allmulticast mode
[  452.280282][   T12] bridge_slave_0: left promiscuous mode
[  452.287320][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.306593][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  452.313580][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  452.344636][   T42] usb 6-1: Using ep0 maxpacket: 32
[  452.372638][   T42] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[  452.381736][   T42] usb 6-1: config 0 has no interface number 0
[  452.388342][   T42] usb 6-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  452.493495][ T5807] Bluetooth: hci5: command tx timeout
[  452.516097][    T9] usb 3-1: config 0 descriptor??
[  452.560866][   T42] usb 6-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  452.571983][   T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.581075][   T42] usb 6-1: Product: syz
[  452.585551][   T42] usb 6-1: Manufacturer: syz
[  452.590379][   T42] usb 6-1: SerialNumber: syz
[  452.644457][   T42] usb 6-1: config 0 descriptor??
[  452.758487][   T42] radio-si470x 6-1:0.35: could not find interrupt in endpoint
[  452.766807][   T42] radio-si470x 6-1:0.35: probe with driver radio-si470x failed with error -5
[  452.927768][   T42] radio-raremono 6-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  453.267868][ T7204] openvswitch: netlink: IP tunnel dst address not specified
[  454.065486][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  454.180998][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  454.282254][   T12] bond0 (unregistering): Released all slaves
[  455.121140][ T7214] loop3: detected capacity change from 0 to 1024
[  455.170683][   T12] tipc: Left network mode
[  455.338023][   T42] radio-raremono 6-1:0.35: raremono_cmd_main failed (-71)
[  455.405375][   T42] radio-raremono 6-1:0.35: V4L2 device registered as radio48
[  455.553901][   T42] usb 6-1: USB disconnect, device number 7
[  455.562075][   T42] radio-raremono 6-1:0.35: Thanko's Raremono disconnected
[  455.739783][ T7119] bridge0: port 1(bridge_slave_0) entered blocking state
[  455.748238][ T7119] bridge0: port 1(bridge_slave_0) entered disabled state
[  455.756673][ T7119] bridge_slave_0: entered allmulticast mode
[  455.769457][ T7119] bridge_slave_0: entered promiscuous mode
[  456.210745][ T7119] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.219493][ T7119] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.228116][ T7119] bridge_slave_1: entered allmulticast mode
[  456.240769][ T7119] bridge_slave_1: entered promiscuous mode
[  456.382179][   T12] hsr_slave_0: left promiscuous mode
[  456.409829][ T7224] loop5: detected capacity change from 0 to 64
[  456.422932][   T12] hsr_slave_1: left promiscuous mode
[  456.433753][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  456.441410][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  456.577037][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  456.586061][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  456.779567][    T9] usb 3-1: Cannot set autoneg
[  456.787989][    T9] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  456.826152][ T7227] hfsplus: request for non-existent node 1280 in B*Tree
[  456.833964][ T7227] hfsplus: request for non-existent node 1280 in B*Tree
[  456.915590][ T5860] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  456.939520][    T9] usb 3-1: USB disconnect, device number 13
[  456.957035][   T12] veth1_macvtap: left promiscuous mode
[  456.963312][   T12] veth0_macvtap: left promiscuous mode
[  456.969285][   T12] veth1_vlan: left promiscuous mode
[  456.975335][   T12] veth0_vlan: left promiscuous mode
[  457.502933][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.515787][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  457.528821][ T5860] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  457.539353][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.716535][ T5860] usb 5-1: config 0 descriptor??
[  458.165451][ T5860] zydacron 0003:13EC:0006.000B: unknown main item tag 0x1
[  458.173463][ T5860] zydacron 0003:13EC:0006.000B: unknown main item tag 0x6
[  458.294724][ T5860] zydacron 0003:13EC:0006.000B: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.4-1/input0
[  458.404946][ T7226] loop4: detected capacity change from 0 to 16
[  458.468402][ T7226] erofs (device loop4): mounted with root inode @ nid 36.
[  458.541555][   T42] usb 5-1: USB disconnect, device number 14
[  458.635568][   T12] team0 (unregistering): Port device team_slave_1 removed
[  458.744580][   T12] team0 (unregistering): Port device team_slave_0 removed
[  459.347987][ T7239] fido_id[7239]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  459.636827][ T7119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.757625][ T7119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.140035][ T7250] sg_write: data in/out 197376/152 bytes for SCSI command 0x8-- guessing data in;
[  460.140035][ T7250]    program syz.4.287 not setting count and/or reply_len properly
[  460.350018][ T7119] team0: Port device team_slave_0 added
[  460.408415][ T7249] netlink: 'syz.4.287': attribute type 4 has an invalid length.
[  460.474892][ T7119] team0: Port device team_slave_1 added
[  460.905768][ T7119] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.916130][ T7119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.943193][ T7119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  461.159950][ T7119] batman_adv: batadv0: Adding interface: batadv_slave_1
[  461.168639][ T7119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  461.195292][ T7119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  461.567834][ T7259] loop3: detected capacity change from 0 to 4096
[  461.624133][ T7267] loop2: detected capacity change from 0 to 64
[  462.106544][ T7119] hsr_slave_0: entered promiscuous mode
[  462.117309][ T7119] hsr_slave_1: entered promiscuous mode
[  462.133672][ T7119] debugfs: 'hsr0' already exists in 'hsr'
[  462.139631][ T7119] Cannot create hsr debugfs directory
[  462.763821][   T42] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  462.992109][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  463.003916][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  463.014187][   T42] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  463.023623][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.208356][ T7280] loop5: detected capacity change from 0 to 1024
[  463.218314][   T42] usb 3-1: config 0 descriptor??
[  463.712981][   T42] zydacron 0003:13EC:0006.000C: unknown main item tag 0x1
[  463.720493][   T42] zydacron 0003:13EC:0006.000C: unknown main item tag 0x6
[  463.822505][   T42] zydacron 0003:13EC:0006.000C: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.2-1/input0
[  463.909709][ T7276] loop2: detected capacity change from 0 to 16
[  463.962767][ T7276] erofs (device loop2): mounted with root inode @ nid 36.
[  464.077084][   T42] usb 3-1: USB disconnect, device number 14
[  464.417080][ T7119] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  464.505634][    C0] hrtimer: interrupt took 246678 ns
[  464.628373][ T7119] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  464.753616][ T7119] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  464.857728][ T7119] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  464.858611][ T7285] fido_id[7285]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  465.023488][   T42] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  465.245201][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  465.256814][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  465.267135][   T42] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  465.276613][   T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.459403][   T42] usb 4-1: config 0 descriptor??
[  465.544181][   T42] hub 4-1:0.0: USB hub found
[  465.746383][   T42] hub 4-1:0.0: config failed, hub has too many ports! (err -19)
[  466.231901][ T7300] loop2: detected capacity change from 0 to 64
[  467.218266][ T7119] 8021q: adding VLAN 0 to HW filter on device bond0
[  467.506623][ T7314] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  467.513434][ T7314] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  467.521923][ T7314] vhci_hcd vhci_hcd.0: Device attached
[  467.623136][ T7119] 8021q: adding VLAN 0 to HW filter on device team0
[  467.695582][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.703308][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.761898][ T5864] vhci_hcd: vhci_device speed not set
[  467.785245][ T7319] FAULT_INJECTION: forcing a failure.
[  467.785245][ T7319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.798868][ T7319] CPU: 1 UID: 0 PID: 7319 Comm: syz.5.305 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  467.799030][ T7319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.799124][ T7319] Call Trace:
[  467.799179][ T7319]  <TASK>
[  467.799233][ T7319]  __dump_stack+0x26/0x30
[  467.799436][ T7319]  dump_stack_lvl+0x1df/0x270
[  467.799632][ T7319]  dump_stack+0x1e/0x25
[  467.799803][ T7319]  should_fail_ex+0x7dc/0x8a0
[  467.800034][ T7319]  should_fail+0x2a/0x40
[  467.800222][ T7319]  should_fail_usercopy+0x2e/0x40
[  467.800379][ T7319]  _copy_to_user+0x35/0x120
[  467.800535][ T7319]  simple_read_from_buffer+0x1b2/0x340
[  467.800740][ T7319]  proc_fail_nth_read+0x1e0/0x2d0
[  467.800908][ T7319]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  467.801070][ T7319]  vfs_read+0x279/0xf90
[  467.801235][ T7319]  ? stack_depot_save_flags+0x35/0x7b0
[  467.801458][ T7319]  ? kmsan_get_metadata+0xfb/0x160
[  467.801635][ T7319]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  467.801813][ T7319]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.802006][ T7319]  __x64_sys_read+0x1fb/0x4d0
[  467.802210][ T7319]  x64_sys_call+0x2f9c/0x3e20
[  467.802417][ T7319]  do_syscall_64+0xd9/0x210
[  467.802601][ T7319]  ? irqentry_exit+0x16/0x60
[  467.802751][ T7319]  ? clear_bhb_loop+0x40/0x90
[  467.802914][ T7319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.803077][ T7319] RIP: 0033:0x7f7cee58d5fc
[  467.803194][ T7319] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  467.803351][ T7319] RSP: 002b:00007f7cef48f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  467.803490][ T7319] RAX: ffffffffffffffda RBX: 00007f7cee7b5fa0 RCX: 00007f7cee58d5fc
[  467.803599][ T7319] RDX: 000000000000000f RSI: 00007f7cef48f0a0 RDI: 0000000000000007
[  467.803694][ T7319] RBP: 00007f7cef48f090 R08: 0000000000000000 R09: 0000000000000000
[  467.803785][ T7319] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000001
[  467.803877][ T7319] R13: 00007f7cee7b6038 R14: 00007f7cee7b5fa0 R15: 00007ffe7d53a8d8
[  467.804021][ T7319]  </TASK>
[  468.062056][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.069684][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  468.261423][ T5864] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  468.362959][ T7316] vhci_hcd: connection reset by peer
[  468.377492][ T4780] vhci_hcd: stop threads
[  468.384987][ T4780] vhci_hcd: release socket
[  468.389638][ T4780] vhci_hcd: disconnect device
[  468.653624][   T42] usbhid 4-1:0.0: can't add hid device: -71
[  468.660297][   T42] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  468.816579][   T42] usb 4-1: USB disconnect, device number 11
[  469.129473][ T7321] loop2: detected capacity change from 0 to 2048
[  469.154313][ T7325] loop5: detected capacity change from 0 to 16
[  469.197546][ T7321] EXT4-fs: Ignoring removed mblk_io_submit option
[  469.205508][ T7321] EXT4-fs: Ignoring removed nobh option
[  469.249189][ T7325] erofs (device loop5): rootino(nid 36) is not a directory(i_mode 125300)
[  469.503978][ T7321] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  470.877165][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  470.890886][ T7342] loop3: detected capacity change from 0 to 32768
[  470.908096][ T7342] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.310 (7342)
[  470.958244][ T7342] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  470.970191][ T7342] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  470.980859][ T7342] BTRFS info (device loop3): using free-space-tree
[  471.565613][ T7119] 8021q: adding VLAN 0 to HW filter on device batadv0
[  471.681046][ T5817] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  472.591617][ T7374] cgroup: Unknown subsys name 'cpuset'
[  472.715524][ T7369] loop2: detected capacity change from 0 to 32768
[  473.410966][ T5864] vhci_hcd: vhci_device speed not set
[  473.696383][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  473.914422][ T7383] netlink: 'syz.3.314': attribute type 10 has an invalid length.
[  475.900977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  476.052707][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[  476.544859][ T7399] loop4: detected capacity change from 0 to 128
[  476.793423][ T7399] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  476.816381][ T7399] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  478.474342][ T5814] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  479.363694][ T7119] veth0_vlan: entered promiscuous mode
[  479.557972][ T7119] veth1_vlan: entered promiscuous mode
[  479.697355][ T7416] loop4: detected capacity change from 0 to 512
[  479.768351][ T7418] netlink: 268 bytes leftover after parsing attributes in process `syz.3.325'.
[  479.795382][ T7416] EXT4-fs: Ignoring removed oldalloc option
[  480.125596][ T7119] veth0_macvtap: entered promiscuous mode
[  480.193176][ T7416] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.324: Parent and EA inode have the same ino 15
[  480.300628][ T7416] EXT4-fs (loop4): 1 orphan inode deleted
[  480.308843][ T7416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  480.314874][ T7119] veth1_macvtap: entered promiscuous mode
[  480.543181][ T7424] loop2: detected capacity change from 0 to 1024
[  480.609244][ T7119] batman_adv: batadv0: Interface activated: batadv_slave_0
[  480.743082][ T7119] batman_adv: batadv0: Interface activated: batadv_slave_1
[  480.860698][ T7424] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  480.872653][ T2905] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  480.919019][ T2905] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  480.960647][   T77] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  481.086514][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  481.086600][   T30] audit: type=1800 audit(1755214815.832:74): pid=7424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.326" name="file1" dev="loop2" ino=15 res=0 errno=0
[  481.114290][   T77] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.300058][   T30] audit: type=1800 audit(1755214815.932:75): pid=7424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.326" name="file1" dev="loop2" ino=15 res=0 errno=0
[  481.345920][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.744648][ T7419] loop3: detected capacity change from 0 to 8192
[  481.894208][ T7419] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  482.117709][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.921783][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  483.149952][    T9] usb 6-1: Using ep0 maxpacket: 16
[  483.190079][ T5860] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  483.240588][    T9] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.253070][    T9] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.263702][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  483.270718][    T9] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  483.280292][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.492393][ T5860] usb 3-1: config 0 has an invalid interface number: 123 but max is 0
[  483.501215][ T5860] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  483.512917][ T5860] usb 3-1: config 0 has no interface number 0
[  483.562596][    T9] usb 6-1: config 0 descriptor??
[  483.713044][ T5860] usb 3-1: New USB device found, idVendor=20df, idProduct=0001, bcdDevice=97.6d
[  483.722760][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.731317][ T5860] usb 3-1: Product: syz
[  483.735856][ T5860] usb 3-1: Manufacturer: syz
[  483.740919][ T5860] usb 3-1: SerialNumber: syz
[  483.995126][ T5860] usb 3-1: config 0 descriptor??
[  484.056153][ T5860] cdc_acm 3-1:0.123: skipping garbage
[  484.062072][ T5860] cdc_acm 3-1:0.123: invalid descriptor buffer length
[  484.245373][    T9] usbhid 6-1:0.0: can't add hid device: -71
[  484.252593][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  484.337308][ T7456] loop7: detected capacity change from 0 to 7
[  484.384376][    T9] usb 6-1: USB disconnect, device number 8
[  484.395803][ T5860] usb 3-1: USB disconnect, device number 15
[  484.423520][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.434005][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.442473][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.452011][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.460606][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.470151][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.478361][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.488132][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.499558][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.509196][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.517579][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.529198][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.537423][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.548601][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.558667][ T7456] ldm_validate_partition_table(): Disk read failed.
[  484.566995][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.578235][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.588211][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.599401][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.607625][ T7456] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  484.617985][ T7456] Buffer I/O error on dev loop7, logical block 0, async page read
[  484.626460][ T7456] Dev loop7: unable to read RDB block 0
[  484.632987][ T7456]  loop7: unable to read partition table
[  484.791193][ T7456] loop7: partition table beyond EOD, truncated
[  484.797848][ T7456] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  485.186570][ T7455] loop3: detected capacity change from 0 to 4096
[  485.268318][ T7455] EXT4-fs: Ignoring removed orlov option
[  485.412120][ T7455] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal
[  485.639174][ T7466] loop5: detected capacity change from 0 to 128
[  485.857371][ T7467] loop2: detected capacity change from 0 to 2048
[  485.870974][ T7466] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  485.960538][ T7466] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  485.992854][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  486.005654][ T7467] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  486.224426][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  486.235090][    T9] usb 4-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  486.244620][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.406607][ T5807] Bluetooth: Fragment is too long (len 14, expected 2)
[  486.650656][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  486.952497][    T9] usb 4-1: config 0 descriptor??
[  487.293003][ T6069] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  487.829478][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  487.836301][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  487.936203][    T9] usb 4-1: USB disconnect, device number 12
[  488.061502][ T7482] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  488.069077][ T7482] IPv6: NLM_F_CREATE should be set when creating new route
[  488.838713][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  489.062869][    T9] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  489.071608][    T9] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  489.081017][    T9] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  489.091816][    T9] usb 4-1: config 220 has no interface number 2
[  489.098484][    T9] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  489.112088][    T9] usb 4-1: config 220 interface 0 has no altsetting 0
[  489.119322][    T9] usb 4-1: config 220 interface 76 has no altsetting 0
[  489.126446][    T9] usb 4-1: config 220 interface 1 has no altsetting 0
[  489.148198][ T7493] loop4: detected capacity change from 0 to 512
[  489.439712][    T9] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  489.451533][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.459985][    T9] usb 4-1: Product: syz
[  489.464362][    T9] usb 4-1: Manufacturer: syz
[  489.469440][    T9] usb 4-1: SerialNumber: syz
[  489.531224][ T7493] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.342: iget: bad i_size value: 38620345925642
[  489.560032][   T30] audit: type=1326 audit(1755214824.293:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.5.343" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cee58ebe9 code=0x0
[  489.594442][ T7493] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.342: couldn't read orphan inode 15 (err -117)
[  489.664736][ T7493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  489.849604][ T7497] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  489.961585][ T3796] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 28
[  489.975539][ T3796] EXT4-fs (loop4): This should not happen!! Data will be lost
[  489.975539][ T3796] 
[  489.989259][ T3796] EXT4-fs (loop4): Total free blocks count 0
[  489.995567][ T3796] EXT4-fs (loop4): Free/Dirty block details
[  490.003873][ T3796] EXT4-fs (loop4): free_blocks=0
[  490.009348][ T3796] EXT4-fs (loop4): dirty_blocks=68
[  490.014675][ T3796] EXT4-fs (loop4): Block reservation details
[  490.021114][ T3796] EXT4-fs (loop4): i_reserved_data_blocks=68
[  490.060269][    T9] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  490.067189][    T9] usb 4-1: No valid video chain found.
[  490.074827][    T9] usb 4-1: selecting invalid altsetting 0
[  490.075934][ T7502] fscrypt (loop4, inode 18): Unsupported encryption modes (contents 0, filenames 0)
[  490.255582][    T9] usb 4-1: selecting invalid altsetting 0
[  490.262071][    T9] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  490.390641][    T9] usb 4-1: USB disconnect, device number 13
[  490.613157][ T2905] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 64 with max blocks 4 with error 28
[  490.910191][ T7509] loop2: detected capacity change from 0 to 256
[  491.009776][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.129033][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.136324][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.144354][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.296725][ T7517] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.305459][ T7517] FAT-fs (loop2): FAT read failed (blocknr 1281)
[  491.497455][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.504832][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.516401][ T7509] FAT-fs (loop2): Directory bread(block 1285) failed
[  491.524644][    T9] hid-generic 0005:16C0:5505.000D: hidraw0: BLUETOOTH HID v3f.47 Device [syz0] on aa:aa:aa:aa:aa:aa
[  491.650228][ T7517] FAT-fs (loop2): Directory bread(block 1285) failed
[  492.069576][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[  492.230361][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!!
[  492.883697][ T7533] loop4: detected capacity change from 0 to 512
[  492.912699][ T7531] loop2: detected capacity change from 0 to 128
[  492.994790][ T7531] EXT4-fs: Ignoring removed orlov option
[  493.034260][ T7533] EXT4-fs (loop4): Test dummy encryption mode enabled
[  493.042251][ T7533] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  493.053577][ T7533] EXT4-fs (loop4): SIPHASH is not a valid default hash value
[  493.251939][ T7531] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  493.347561][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  493.356082][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.385057][ T7531] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  493.566363][ T7531] EXT4-fs error (device loop2): __ext4_find_entry:1626: inode #2: comm syz.2.349: checksumming directory block 0
[  494.182438][ T3796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  494.191503][ T3796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  496.247289][ T5805] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  496.730798][ T7550] netlink: 4 bytes leftover after parsing attributes in process `syz.6.250'.
[  497.460786][ T7559] loop3: detected capacity change from 0 to 128
[  497.577705][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  498.250386][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  498.372728][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  498.581195][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  500.399198][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  500.688843][    T9] usb 7-1: Using ep0 maxpacket: 8
[  500.787796][    T9] usb 7-1: config 9 has an invalid interface number: 187 but max is 3
[  500.796511][    T9] usb 7-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  500.807140][    T9] usb 7-1: config 9 has 1 interface, different from the descriptor's value: 4
[  500.816166][    T9] usb 7-1: config 9 has no interface number 0
[  500.822544][    T9] usb 7-1: config 9 interface 187 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 11
[  500.836048][    T9] usb 7-1: config 9 interface 187 has no altsetting 0
[  501.045769][ T7564] loop2: detected capacity change from 0 to 8
[  501.109665][ T7564] SQUASHFS error: zlib decompression failed, data probably corrupt
[  501.118166][ T7564] SQUASHFS error: Failed to read block 0x9b: -5
[  501.124702][ T7564] SQUASHFS error: Unable to read metadata cache entry [99]
[  501.132264][ T7564] SQUASHFS error: Unable to read inode 0x127
[  503.849223][    T9] usb 7-1: New USB device found, idVendor=1199, idProduct=901b, bcdDevice=7e.5d
[  503.858670][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.000510][    T9] usb 7-1: can't set config #9, error -71
[  504.078230][    T9] usb 7-1: USB disconnect, device number 2
[  504.592789][ T7576] loop6: detected capacity change from 0 to 512
[  504.694031][ T7576] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  504.895496][ T7576] EXT4-fs (loop6): 1 truncate cleaned up
[  504.904639][ T7576] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.118531][ T7576] loop6: detected capacity change from 512 to 0
[  505.153667][ T7585] syz.6.359: attempt to access beyond end of device
[  505.153667][ T7585] loop6: rw=524288, sector=12, nr_sectors = 2 limit=0
[  505.168530][ T7585] syz.6.359: attempt to access beyond end of device
[  505.168530][ T7585] loop6: rw=524288, sector=16, nr_sectors = 2 limit=0
[  505.182638][ T7585] syz.6.359: attempt to access beyond end of device
[  505.182638][ T7585] loop6: rw=524288, sector=18, nr_sectors = 2 limit=0
[  505.196512][ T7585] syz.6.359: attempt to access beyond end of device
[  505.196512][ T7585] loop6: rw=12288, sector=14, nr_sectors = 2 limit=0
[  505.210719][ T7585] EXT4-fs error (device loop6): ext4_get_inode_loc:4999: inode #12: block 7: comm syz.6.359: unable to read itable block
[  505.224173][ T7585] syz.6.359: attempt to access beyond end of device
[  505.224173][ T7585] loop6: rw=145409, sector=2, nr_sectors = 2 limit=0
[  505.237818][ T7585] buffer_io_error: 5 callbacks suppressed
[  505.237881][ T7585] Buffer I/O error on dev loop6, logical block 1, lost sync page write
[  505.252212][ T7585] EXT4-fs (loop6): I/O error while writing superblock
[  505.275932][    C1] blk_print_req_error: 5 callbacks suppressed
[  505.276035][    C1] I/O error, dev loop6, sector 10 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  508.294540][ T7119] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /1/file2: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  508.316356][ T7119] syz-executor: attempt to access beyond end of device
[  508.316356][ T7119] loop6: rw=145409, sector=2, nr_sectors = 2 limit=0
[  508.332482][ T7119] Buffer I/O error on dev loop6, logical block 1, lost sync page write
[  508.342509][ T7119] EXT4-fs (loop6): I/O error while writing superblock
[  509.054129][ T7601] loop3: detected capacity change from 0 to 256
[  509.316392][ T7601] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  509.330084][ T7601] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  509.415135][ T7119] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.527717][ T7119] syz-executor: attempt to access beyond end of device
[  509.527717][ T7119] loop6: rw=145409, sector=2, nr_sectors = 2 limit=0
[  509.546092][ T7119] Buffer I/O error on dev loop6, logical block 1, lost sync page write
[  509.554577][ T7119] EXT4-fs (loop6): I/O error while writing superblock
[  509.969327][   T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  509.999815][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  510.013517][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  510.029428][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  510.085594][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  510.274319][ T2905] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.566713][ T2905] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.313443][ T2905] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.720321][ T7613] loop2: detected capacity change from 0 to 2048
[  511.742214][ T2905] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  512.030472][ T7613] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  512.230674][ T5807] Bluetooth: hci2: command tx timeout
[  512.696361][   T30] audit: type=1800 audit(1755214847.136:77): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.372" name="bus" dev="loop2" ino=1367 res=0 errno=0
[  513.378025][ T2905] bridge_slave_1: left allmulticast mode
[  513.383912][ T2905] bridge_slave_1: left promiscuous mode
[  513.391417][ T2905] bridge0: port 2(bridge_slave_1) entered disabled state
[  513.521720][ T5805] UDF-fs: error (device loop2): udf_read_inode: (ino 1440) failed !bh
[  513.604466][ T5805] UDF-fs: error (device loop2): udf_read_inode: (ino 1440) failed !bh
[  513.652325][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  513.659339][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  513.738932][ T2905] bridge_slave_0: left allmulticast mode
[  513.744829][ T2905] bridge_slave_0: left promiscuous mode
[  513.754659][ T2905] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.276899][ T5807] Bluetooth: hci2: command tx timeout
[  514.594728][ T2905] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  514.647188][ T2905] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  514.676734][ T2905] bond0 (unregistering): Released all slaves
[  515.381776][ T2905] hsr_slave_0: left promiscuous mode
[  515.400256][ T2905] hsr_slave_1: left promiscuous mode
[  515.408758][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.419741][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.480256][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  515.488000][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_1
[  515.592022][ T2905] veth1_macvtap: left promiscuous mode
[  515.597965][ T2905] veth0_macvtap: left promiscuous mode
[  515.603901][ T2905] veth1_vlan: left promiscuous mode
[  515.609699][ T2905] veth0_vlan: left promiscuous mode
[  516.355959][ T5807] Bluetooth: hci2: command tx timeout
[  516.526285][ T2905] team0 (unregistering): Port device team_slave_1 removed
[  516.563477][ T2905] team0 (unregistering): Port device team_slave_0 removed
[  516.929014][ T7606] chnl_net:caif_netlink_parms(): no params data found
[  517.442731][ T2905] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.648539][ T2905] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.838076][ T2905] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.011780][ T2905] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.152741][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  518.199770][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  518.219780][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  518.243933][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  518.273676][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  518.420011][ T5807] Bluetooth: hci2: command tx timeout
[  518.439672][ T2905] bridge_slave_1: left allmulticast mode
[  518.445734][ T2905] bridge_slave_1: left promiscuous mode
[  518.452506][ T2905] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.469040][ T2905] bridge_slave_0: left allmulticast mode
[  518.475255][ T2905] bridge_slave_0: left promiscuous mode
[  518.481958][ T2905] bridge0: port 1(bridge_slave_0) entered disabled state
[  519.420974][ T2905] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  519.551522][ T2905] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  519.608674][ T2905] bond0 (unregistering): Released all slaves
[  519.661432][ T7644] loop3: detected capacity change from 0 to 128
[  519.925871][ T7644] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  520.008523][ T7644] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  520.326183][ T2905] tipc: Left network mode
[  520.485053][   T50] Bluetooth: hci0: command tx timeout
[  520.571469][ T7606] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.579452][ T7606] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.587386][ T7606] bridge_slave_0: entered allmulticast mode
[  520.602238][ T7606] bridge_slave_0: entered promiscuous mode
[  520.919789][ T7606] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.927654][ T7606] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.935597][ T7606] bridge_slave_1: entered allmulticast mode
[  521.017011][ T7606] bridge_slave_1: entered promiscuous mode
[  521.136663][ T2905] hsr_slave_0: left promiscuous mode
[  521.147214][ T5807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  521.160238][ T5807] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  521.193260][ T5807] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  521.235682][ T5807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  521.248237][ T5807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  521.304237][ T2905] hsr_slave_1: left promiscuous mode
[  521.316557][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  521.324169][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_0
[  521.368117][ T7644] fscrypt: Adiantum using implementation "adiantum(xchacha12-generic,aes-fixed-time,nhpoly1305-generic)"
[  521.464057][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  521.471947][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_1
[  521.606959][ T2905] veth1_macvtap: left promiscuous mode
[  521.616580][ T2905] veth0_macvtap: left promiscuous mode
[  521.622542][ T2905] veth1_vlan: left promiscuous mode
[  521.628347][ T2905] veth0_vlan: left promiscuous mode
[  521.796157][ T5817] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  522.509306][ T7663] loop4: detected capacity change from 0 to 1024
[  523.021356][   T50] Bluetooth: hci0: command tx timeout
[  523.193426][ T7667] loop3: detected capacity change from 0 to 512
[  524.023381][   T50] Bluetooth: hci5: command tx timeout
[  524.273367][ T7667] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  524.290973][ T7667] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  525.044319][   T50] Bluetooth: hci0: command tx timeout
[  525.436653][ T2905] team0 (unregistering): Port device team_slave_1 removed
[  525.512824][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.530361][ T2905] team0 (unregistering): Port device team_slave_0 removed
[  526.174955][   T50] Bluetooth: hci5: command tx timeout
[  526.269152][ T7606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.312843][ T7606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.480871][ T7673] loop4: detected capacity change from 0 to 1024
[  526.981418][ T7606] team0: Port device team_slave_0 added
[  527.015074][ T2905] IPVS: stop unused estimator thread 0...
[  527.089761][ T7606] team0: Port device team_slave_1 added
[  527.135584][ T7673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  527.151621][   T50] Bluetooth: hci0: command tx timeout
[  527.730844][ T7606] batman_adv: batadv0: Adding interface: batadv_slave_0
[  527.738163][ T7606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  527.764633][ T7606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  527.792387][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  527.850247][ T7686] loop3: detected capacity change from 0 to 512
[  527.881871][ T7606] batman_adv: batadv0: Adding interface: batadv_slave_1
[  527.889371][ T7606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  527.914246][ T7686] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  527.916088][ T7606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  528.196691][ T7686] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.386: iget: bad i_size value: 360287970189639680
[  528.244367][   T50] Bluetooth: hci5: command tx timeout
[  528.273301][ T7686] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.386: couldn't read orphan inode 15 (err -117)
[  528.466439][ T7686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  528.632366][ T7686] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.386: bg 0: block 65: padding at end of block bitmap is not set
[  528.707281][ T7686] Quota error (device loop3): write_blk: dquota write failed
[  528.715637][ T7686] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  528.726772][ T7686] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.386: Failed to acquire dquot type 0
[  528.745920][ T7630] chnl_net:caif_netlink_parms(): no params data found
[  528.906400][ T7606] hsr_slave_0: entered promiscuous mode
[  528.915924][ T7606] hsr_slave_1: entered promiscuous mode
[  529.252229][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.729324][ T7656] chnl_net:caif_netlink_parms(): no params data found
[  530.338286][   T50] Bluetooth: hci5: command tx timeout
[  532.423151][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.430969][ T7630] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.439025][ T7630] bridge_slave_0: entered allmulticast mode
[  532.449548][ T7630] bridge_slave_0: entered promiscuous mode
[  532.463128][ T7606] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  532.601513][ T7606] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  532.927019][ T7630] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.935850][ T7630] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.944137][ T7630] bridge_slave_1: entered allmulticast mode
[  532.962209][ T7630] bridge_slave_1: entered promiscuous mode
[  533.643405][ T7720] loop3: detected capacity change from 0 to 1024
[  533.669218][ T7606] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  534.194839][ T7720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  535.890354][ T7630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.915838][ T7606] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  535.996440][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.009851][ T7656] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.018882][ T7656] bridge_slave_0: entered allmulticast mode
[  536.029440][ T7656] bridge_slave_0: entered promiscuous mode
[  536.084970][ T7630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.224790][ T7720] loop3: detected capacity change from 1024 to 0
[  536.279519][    C1] I/O error, dev loop3, sector 32 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[  536.289985][ T7728] EXT4-fs error (device loop3): __ext4_find_entry:1615: inode #2: comm syz.3.390: reading directory lblock 0
[  536.303381][ T7728] syz.3.390: attempt to access beyond end of device
[  536.303381][ T7728] loop3: rw=145409, sector=2, nr_sectors = 2 limit=0
[  536.317429][ T7728] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[  536.326999][ T7728] EXT4-fs (loop3): I/O error while writing superblock
[  536.334220][ T7728] EXT4-fs (loop3): Remounting filesystem read-only
[  536.346826][ T7656] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.355511][ T7656] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.363494][ T7656] bridge_slave_1: entered allmulticast mode
[  536.372177][ T7656] bridge_slave_1: entered promiscuous mode
[  536.805973][ T5817] syz-executor: attempt to access beyond end of device
[  536.805973][ T5817] loop3: rw=12288, sector=32, nr_sectors = 2 limit=0
[  536.986750][ T7630] team0: Port device team_slave_0 added
[  537.255587][ T7630] team0: Port device team_slave_1 added
[  537.315360][ T7656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  537.516361][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.541461][ T7656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  537.603717][ T7721] kmmpd-loop3: attempt to access beyond end of device
[  537.603717][ T7721] loop3: rw=14337, sector=128, nr_sectors = 2 limit=0
[  537.617898][ T7721] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  538.046032][ T7630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  538.053325][ T7630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.080110][ T7630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  538.287927][ T7656] team0: Port device team_slave_0 added
[  538.400817][ T4052] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.436580][ T7630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  538.444666][ T7630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.471409][ T7630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.498432][ T7656] team0: Port device team_slave_1 added
[  539.133968][ T4052] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.284361][ T7656] batman_adv: batadv0: Adding interface: batadv_slave_0
[  539.291512][ T7656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.318273][ T7656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  539.507359][ T4052] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.664964][ T4052] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.737354][ T7656] batman_adv: batadv0: Adding interface: batadv_slave_1
[  539.744630][ T7656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.771054][ T7656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  539.989226][ T7630] hsr_slave_0: entered promiscuous mode
[  539.999434][ T7630] hsr_slave_1: entered promiscuous mode
[  540.007667][ T7630] debugfs: 'hsr0' already exists in 'hsr'
[  540.013679][ T7630] Cannot create hsr debugfs directory
[  540.553748][ T7656] hsr_slave_0: entered promiscuous mode
[  540.562988][ T7656] hsr_slave_1: entered promiscuous mode
[  540.570876][ T7656] debugfs: 'hsr0' already exists in 'hsr'
[  540.576983][ T7656] Cannot create hsr debugfs directory
[  540.778250][ T4052] bridge_slave_1: left allmulticast mode
[  540.784302][ T4052] bridge_slave_1: left promiscuous mode
[  540.790585][ T4052] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.862000][ T4052] bridge_slave_0: left allmulticast mode
[  540.868687][ T4052] bridge_slave_0: left promiscuous mode
[  540.876007][ T4052] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.696578][ T4052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  541.765423][ T4052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  541.834486][ T4052] bond0 (unregistering): Released all slaves
[  542.220892][ T7606] 8021q: adding VLAN 0 to HW filter on device bond0
[  542.280582][ T4052] tipc: Left network mode
[  542.610427][ T7606] 8021q: adding VLAN 0 to HW filter on device team0
[  543.026081][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.034538][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state
[  543.273743][ T4052] hsr_slave_0: left promiscuous mode
[  543.347670][ T4052] hsr_slave_1: left promiscuous mode
[  543.349962][ T5807] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  543.356387][ T4052] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  543.368169][ T4052] batman_adv: batadv0: Removing interface: batadv_slave_0
[  543.380145][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  543.404587][ T5807] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  543.458257][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  543.482730][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  543.565108][ T4052] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  543.572885][ T4052] batman_adv: batadv0: Removing interface: batadv_slave_1
[  543.663282][ T4052] veth1_macvtap: left promiscuous mode
[  543.669053][ T4052] veth0_macvtap: left promiscuous mode
[  543.675138][ T4052] veth1_vlan: left promiscuous mode
[  543.680824][ T4052] veth0_vlan: left promiscuous mode
[  545.310657][ T4052] team0 (unregistering): Port device team_slave_1 removed
[  545.395159][ T4052] team0 (unregistering): Port device team_slave_0 removed
[  545.662288][   T50] Bluetooth: hci4: command tx timeout
[  545.754992][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state
[  545.762491][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state
[  546.999445][ T4052] ------------[ cut here ]------------
[  547.008027][ T4052] WARNING: CPU: 1 PID: 4052 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x2fa/0x4c0
[  547.018836][ T4052] Modules linked in:
[  547.023156][ T4052] CPU: 1 UID: 0 PID: 4052 Comm: kworker/u8:24 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  547.035810][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  547.046359][ T4052] Workqueue: netns cleanup_net
[  547.051697][ T4052] RIP: 0010:xfrm_state_fini+0x2fa/0x4c0
[  547.057550][ T4052] Code: 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 8b 3a e8 15 61 c5 f3 4d 39 f7 0f 84 ac fd ff ff e8 b7 98 22 f3 90 <0f> 0b 90 e9 a3 fd ff ff 8b 3a e8 f7 60 c5 f3 4d 85 f6 0f 84 03 fe
[  547.077715][ T4052] RSP: 0018:ffff888116d8ba48 EFLAGS: 00010293
[  547.084174][ T4052] RAX: ffffffff8ed25cc9 RBX: ffff88804e9b8000 RCX: ffff88811782a0c0
[  547.092584][ T4052] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88804e9b8e00
[  547.100870][ T4052] RBP: ffff888116d8ba88 R08: ffffea000000000f R09: 0000000000000000
[  547.111865][ T4052] R10: ffff888237b73028 R11: 0000000000000000 R12: 00000000046400cd
[  547.120074][ T4052] R13: ffff88804e9b8028 R14: ffff88804e9b8e00 R15: ffff888055554418
[  547.129491][ T4052] FS:  0000000000000000(0000) GS:ffff8881aa798000(0000) knlGS:0000000000000000
[  547.138826][ T4052] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  547.145816][ T4052] CR2: 0000200000026000 CR3: 0000000050f20000 CR4: 00000000003526f0
[  547.154224][ T4052] Call Trace:
[  547.157668][ T4052]  <TASK>
[  547.160788][ T4052]  xfrm_net_exit+0x46/0x90
[  547.165641][ T4052]  ? __pfx_xfrm_net_exit+0x10/0x10
[  547.171060][ T4052]  ops_undo_list+0x6c5/0xb80
[  547.176112][ T4052]  cleanup_net+0xb8f/0x14b0
[  547.180975][ T4052]  ? __pfx_cleanup_net+0x10/0x10
[  547.186358][ T4052]  process_scheduled_works+0xb91/0x1d80
[  547.192420][ T4052]  worker_thread+0xedf/0x1590
[  547.197469][ T4052]  kthread+0xd59/0xf00
[  547.201950][ T4052]  ? __pfx_worker_thread+0x10/0x10
[  547.207529][ T4052]  ? __pfx_kthread+0x10/0x10
[  547.215201][ T4052]  ret_from_fork+0x1e3/0x310
[  547.220078][ T4052]  ? __pfx_kthread+0x10/0x10
[  547.225704][ T4052]  ret_from_fork_asm+0x1a/0x30
[  547.230817][ T4052]  </TASK>
[  547.234092][ T4052] ---[ end trace 0000000000000000 ]---
[  547.429977][ T7630] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  547.623811][ T7630] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  547.683813][ T5807] Bluetooth: hci4: command tx timeout
[  547.747166][ T7656] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  547.839430][ T7656] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  547.891634][ T4052] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  547.920148][ T7630] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  548.036161][ T7630] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  548.095808][ T7656] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  548.136493][ T7656] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  548.189266][ T4052] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.387584][ T4052] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.653280][ T4052] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.949635][ T7748] chnl_net:caif_netlink_parms(): no params data found
[  549.387380][ T4052] bridge_slave_1: left allmulticast mode
[  549.393604][ T4052] bridge_slave_1: left promiscuous mode
[  549.400300][ T4052] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.470926][ T4052] bridge_slave_0: left allmulticast mode
[  549.477126][ T4052] bridge_slave_0: left promiscuous mode
[  549.484098][ T4052] bridge0: port 1(bridge_slave_0) entered disabled state
[  549.773060][ T5807] Bluetooth: hci4: command tx timeout
[  549.999506][ T4052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  550.023386][ T4052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  550.050015][ T4052] bond0 (unregistering): Released all slaves
[  550.368079][ T4052] tipc: Left network mode
[  550.498201][ T7606] 8021q: adding VLAN 0 to HW filter on device batadv0
[  551.002235][ T4052] hsr_slave_0: left promiscuous mode
[  551.025545][ T4052] hsr_slave_1: left promiscuous mode
[  551.034006][ T4052] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  551.042566][ T4052] batman_adv: batadv0: Removing interface: batadv_slave_0
[  551.110740][ T4052] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  551.120834][ T4052] batman_adv: batadv0: Removing interface: batadv_slave_1
[  551.224152][ T4052] veth1_macvtap: left promiscuous mode
[  551.230203][ T4052] veth0_macvtap: left promiscuous mode
[  551.237287][ T4052] veth1_vlan: left promiscuous mode
[  551.243656][ T4052] veth0_vlan: left promiscuous mode
[  551.842704][ T5807] Bluetooth: hci4: command tx timeout
[  552.495491][ T4052] team0 (unregistering): Port device team_slave_1 removed
[  552.580634][ T4052] team0 (unregistering): Port device team_slave_0 removed
[  552.978544][ T7630] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.173216][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  553.195762][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  553.241076][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  553.265846][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  553.376353][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  553.406655][ T7630] 8021q: adding VLAN 0 to HW filter on device team0
[  553.553490][ T7656] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.601179][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.608754][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.778231][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.786633][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[  554.031073][ T7748] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.038661][ T7748] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.046664][ T7748] bridge_slave_0: entered allmulticast mode
[  554.056524][ T7748] bridge_slave_0: entered promiscuous mode
[  554.122057][ T7656] 8021q: adding VLAN 0 to HW filter on device team0
[  554.169210][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.179879][ T7748] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.187893][ T7748] bridge_slave_1: entered allmulticast mode
[  554.197869][ T7748] bridge_slave_1: entered promiscuous mode
[  554.595242][ T3796] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.603309][ T3796] bridge0: port 1(bridge_slave_0) entered forwarding state
[  554.625500][ T3796] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.633457][ T3796] bridge0: port 2(bridge_slave_1) entered forwarding state
[  554.738305][ T7748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  554.932289][ T7748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  554.994168][ T7630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  555.347985][ T7748] team0: Port device team_slave_0 added
[  555.441038][   T50] Bluetooth: hci1: command tx timeout
[  555.531737][ T7748] team0: Port device team_slave_1 added
[  555.918580][ T7748] batman_adv: batadv0: Adding interface: batadv_slave_0
[  555.925883][ T7748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.952801][ T7748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  555.983899][ T7791] chnl_net:caif_netlink_parms(): no params data found
[  556.188201][ T7748] batman_adv: batadv0: Adding interface: batadv_slave_1
[  556.195617][ T7748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.224215][ T7748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  556.269305][ T7606] veth0_vlan: entered promiscuous mode
[  556.567819][ T7606] veth1_vlan: entered promiscuous mode
[  557.141012][ T7748] hsr_slave_0: entered promiscuous mode
[  557.154901][ T7748] hsr_slave_1: entered promiscuous mode
[  557.163963][ T7748] debugfs: 'hsr0' already exists in 'hsr'
[  557.169906][ T7748] Cannot create hsr debugfs directory
[  557.543714][   T50] Bluetooth: hci1: command tx timeout
[  557.561833][ T7630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  557.967898][ T7606] veth0_macvtap: entered promiscuous mode
[  558.198034][ T7606] veth1_macvtap: entered promiscuous mode
[  558.479753][ T7606] batman_adv: batadv0: Interface activated: batadv_slave_0
[  558.625235][ T7606] batman_adv: batadv0: Interface activated: batadv_slave_1
[  558.920005][ T7791] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.928196][ T7791] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.936218][ T7791] bridge_slave_0: entered allmulticast mode
[  558.946263][ T7791] bridge_slave_0: entered promiscuous mode
[  558.977561][ T4052] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  559.134378][ T4052] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  559.199799][ T7791] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.208856][ T7791] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.217951][ T7791] bridge_slave_1: entered allmulticast mode
[  559.228108][ T7791] bridge_slave_1: entered promiscuous mode
[  559.311256][ T4052] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  559.334047][ T7656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  559.549877][ T4780] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  559.612746][   T50] Bluetooth: hci1: command tx timeout
[  559.821258][ T7791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.143989][ T7791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  561.127433][ T7791] team0: Port device team_slave_0 added
[  561.417729][ T7791] team0: Port device team_slave_1 added
[  561.691977][   T50] Bluetooth: hci1: command tx timeout
[  561.971589][ T7791] batman_adv: batadv0: Adding interface: batadv_slave_0
[  561.978743][ T7791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.008659][ T7791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.078136][ T7748] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  562.165366][ T7791] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.172803][ T7791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.199289][ T7791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.214579][ T7748] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  562.287028][ T7630] veth0_vlan: entered promiscuous mode
[  562.333039][ T7748] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  562.431421][ T7748] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  562.564272][ T7630] veth1_vlan: entered promiscuous mode
[  563.008577][ T7791] hsr_slave_0: entered promiscuous mode
[  563.021288][ T7791] hsr_slave_1: entered promiscuous mode
[  563.031318][ T7791] debugfs: 'hsr0' already exists in 'hsr'
[  563.037283][ T7791] Cannot create hsr debugfs directory
[  563.542791][ T7656] veth0_vlan: entered promiscuous mode
[  563.556197][ T7630] veth0_macvtap: entered promiscuous mode
[  563.618603][ T7630] veth1_macvtap: entered promiscuous mode
[  563.867595][ T7656] veth1_vlan: entered promiscuous mode
[  564.058027][ T2905] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.134496][ T7630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  564.214080][ T2905] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.395309][ T2905] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.462644][ T7630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  564.544409][   T35] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  564.599250][ T2905] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.637447][   T35] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  564.790297][   T35] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  564.803061][   T35] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  565.047381][ T7656] veth0_macvtap: entered promiscuous mode
[  565.132549][ T7748] 8021q: adding VLAN 0 to HW filter on device bond0
[  565.654844][ T7656] veth1_macvtap: entered promiscuous mode
[  565.670910][ T2905] bridge_slave_1: left allmulticast mode
[  565.676885][ T2905] bridge_slave_1: left promiscuous mode
[  565.684401][ T2905] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.780438][ T2905] bridge_slave_0: left allmulticast mode
[  565.786342][ T2905] bridge_slave_0: left promiscuous mode
[  565.794462][ T2905] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.383378][ T2905] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  566.428081][ T2905] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  566.447112][ T2905] bond0 (unregistering): Released all slaves
[  566.751304][ T2905] tipc: Left network mode
[  567.120887][ T7748] 8021q: adding VLAN 0 to HW filter on device team0
[  567.164647][ T7656] batman_adv: batadv0: Interface activated: batadv_slave_0
[  567.345973][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  567.353720][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  567.553701][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.561437][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  567.600658][ T7656] batman_adv: batadv0: Interface activated: batadv_slave_1
[  567.689803][ T2905] hsr_slave_0: left promiscuous mode
[  567.721996][ T2905] hsr_slave_1: left promiscuous mode
[  567.730420][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  567.738023][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_0
[  567.767907][ T2905] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  567.775788][ T2905] batman_adv: batadv0: Removing interface: batadv_slave_1
[  567.803092][ T2905] veth1_macvtap: left promiscuous mode
[  567.808868][ T2905] veth0_macvtap: left promiscuous mode
[  567.815701][ T2905] veth1_vlan: left promiscuous mode
[  567.821439][ T2905] veth0_vlan: left promiscuous mode
[  568.548940][ T2905] team0 (unregistering): Port device team_slave_1 removed
[  568.667230][ T2905] team0 (unregistering): Port device team_slave_0 removed
[  569.159816][ T1148] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  569.170046][ T1148] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  569.223878][ T1148] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  569.279692][ T1148] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  569.385314][ T7791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  569.492607][ T7791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  569.659404][ T7791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  569.839484][ T7791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  570.358026][ T5807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  570.367677][ T5807] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  570.380966][ T5807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  570.397660][ T5807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  570.422310][ T5807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  570.955613][ T7791] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.302950][ T7791] 8021q: adding VLAN 0 to HW filter on device team0
[  571.481162][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.488885][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.546860][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.554710][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  572.561620][ T5807] Bluetooth: hci3: command tx timeout
[  572.696159][ T7748] 8021q: adding VLAN 0 to HW filter on device batadv0
[  573.101751][ T7902] chnl_net:caif_netlink_parms(): no params data found
[  573.606994][ T7748] veth0_vlan: entered promiscuous mode
[  573.813846][ T7748] veth1_vlan: entered promiscuous mode
[  574.335294][ T7748] veth0_macvtap: entered promiscuous mode
[  574.444599][ T7748] veth1_macvtap: entered promiscuous mode
[  574.647471][ T5807] Bluetooth: hci3: command tx timeout
[  574.779139][ T7748] batman_adv: batadv0: Interface activated: batadv_slave_0
[  575.054241][ T7748] batman_adv: batadv0: Interface activated: batadv_slave_1
[  575.093260][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  575.100368][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  575.163640][ T7791] 8021q: adding VLAN 0 to HW filter on device batadv0
[  575.215901][   T77] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  575.277570][ T2937] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.428642][ T1148] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  575.563379][ T2937] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.660064][ T1148] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  575.769075][ T2937] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.810552][ T7902] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.818400][ T7902] bridge0: port 1(bridge_slave_0) entered disabled state
[  575.826233][ T7902] bridge_slave_0: entered allmulticast mode
[  575.837812][ T7902] bridge_slave_0: entered promiscuous mode
[  575.875813][ T1148] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  575.979251][ T2937] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.059082][ T7902] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.066666][ T7902] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.077331][ T7902] bridge_slave_1: entered allmulticast mode
[  576.163309][ T7902] bridge_slave_1: entered promiscuous mode
[  576.539200][ T7902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  576.663753][ T7902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  576.728685][ T5807] Bluetooth: hci3: command tx timeout
[  577.120599][ T7902] team0: Port device team_slave_0 added
[  577.162421][ T2937] bridge_slave_1: left allmulticast mode
[  577.169165][ T2937] bridge_slave_1: left promiscuous mode
[  577.175779][ T2937] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.203148][ T2937] bridge_slave_0: left allmulticast mode
[  577.209180][ T2937] bridge_slave_0: left promiscuous mode
[  577.215866][ T2937] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.680927][ T2937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  577.730932][ T2937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  577.747191][ T2937] bond0 (unregistering): Released all slaves
[  577.784844][ T7902] team0: Port device team_slave_1 added
[  578.198170][ T2937] hsr_slave_0: left promiscuous mode
[  578.228203][ T2937] hsr_slave_1: left promiscuous mode
[  578.236401][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  578.250173][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_0
[  578.280976][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  578.290498][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_1
[  578.317453][ T2937] veth1_macvtap: left promiscuous mode
[  578.324833][ T2937] veth0_macvtap: left promiscuous mode
[  578.331010][ T2937] veth1_vlan: left promiscuous mode
[  578.336590][ T2937] veth0_vlan: left promiscuous mode
[  578.825816][ T5807] Bluetooth: hci3: command tx timeout
[  578.930028][   T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  578.950233][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  578.962040][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  579.034083][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  579.090316][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  579.277248][ T2937] team0 (unregistering): Port device team_slave_1 removed
[  579.367613][ T2937] team0 (unregistering): Port device team_slave_0 removed
[  579.709331][ T7791] veth0_vlan: entered promiscuous mode
[  579.906879][ T7902] batman_adv: batadv0: Adding interface: batadv_slave_0
[  579.914268][ T7902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  579.943594][ T7902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.138953][ T7791] veth1_vlan: entered promiscuous mode
[  580.160961][ T7902] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.168241][ T7902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.194854][ T7902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  581.289842][ T2937] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.334236][ T7791] veth0_macvtap: entered promiscuous mode
[  581.378928][ T7902] hsr_slave_0: entered promiscuous mode
[  581.389888][ T7902] hsr_slave_1: entered promiscuous mode
[  581.448003][   T50] Bluetooth: hci2: command tx timeout
[  581.488701][ T2937] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.552187][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  581.583695][ T7791] veth1_macvtap: entered promiscuous mode
[  581.621581][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  581.640199][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  581.664299][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  581.684362][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  581.755135][ T2937] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.902304][ T2937] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  582.255974][ T7791] batman_adv: batadv0: Interface activated: batadv_slave_0
[  582.469622][ T7791] batman_adv: batadv0: Interface activated: batadv_slave_1
[  582.808203][   T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  582.835570][ T4780] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  582.913485][ T4780] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  582.984078][ T4780] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  583.245551][ T2937] bridge_slave_1: left allmulticast mode
[  583.251707][ T2937] bridge_slave_1: left promiscuous mode
[  583.258556][ T2937] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.323237][ T2937] bridge_slave_0: left allmulticast mode
[  583.329263][ T2937] bridge_slave_0: left promiscuous mode
[  583.335969][ T2937] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.528401][   T50] Bluetooth: hci2: command tx timeout
[  583.772506][   T50] Bluetooth: hci0: command tx timeout
[  583.819626][ T2937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  583.835790][ T2937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  583.852071][ T2937] bond0 (unregistering): Released all slaves
[  584.184351][ T7959] chnl_net:caif_netlink_parms(): no params data found
[  584.589376][ T2937] hsr_slave_0: left promiscuous mode
[  584.618059][ T2937] hsr_slave_1: left promiscuous mode
[  584.626172][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  584.635785][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.689382][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  584.696997][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.724304][ T2937] veth1_macvtap: left promiscuous mode
[  584.732183][ T2937] veth0_macvtap: left promiscuous mode
[  584.739941][ T2937] veth1_vlan: left promiscuous mode
[  584.745528][ T2937] veth0_vlan: left promiscuous mode
[  585.334721][ T2937] team0 (unregistering): Port device team_slave_1 removed
[  585.408754][ T2937] team0 (unregistering): Port device team_slave_0 removed
[  585.603694][   T50] Bluetooth: hci2: command tx timeout
[  585.848663][   T50] Bluetooth: hci0: command tx timeout
[  585.903877][ T7967] chnl_net:caif_netlink_parms(): no params data found
[  586.393124][ T2937] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.642827][ T2937] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.825972][ T2937] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.066603][ T7902] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  587.151594][ T2937] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.241806][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  587.247460][ T7902] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  587.251284][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.331587][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.339643][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.347776][ T7959] bridge_slave_0: entered allmulticast mode
[  587.357826][ T7959] bridge_slave_0: entered promiscuous mode
[  587.404044][ T7902] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  587.509870][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.518018][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.525795][ T7959] bridge_slave_1: entered allmulticast mode
[  587.535960][ T7959] bridge_slave_1: entered promiscuous mode
[  587.565332][ T7902] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  587.703029][   T50] Bluetooth: hci2: command tx timeout
[  587.923734][   T50] Bluetooth: hci0: command tx timeout
[  588.034385][ T7959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.053247][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.062394][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.144980][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.154113][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.162170][ T7967] bridge_slave_0: entered allmulticast mode
[  588.172428][ T7967] bridge_slave_0: entered promiscuous mode
[  588.220830][ T7959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.241612][ T2937] bridge_slave_1: left allmulticast mode
[  588.247822][ T2937] bridge_slave_1: left promiscuous mode
[  588.254470][ T2937] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.275159][ T2937] bridge_slave_0: left allmulticast mode
[  588.281263][ T2937] bridge_slave_0: left promiscuous mode
[  588.288183][ T2937] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.945674][ T2937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  588.984151][ T2937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  589.014809][ T2937] bond0 (unregistering): Released all slaves
[  589.130750][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.138503][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.146232][ T7967] bridge_slave_1: entered allmulticast mode
[  589.156444][ T7967] bridge_slave_1: entered promiscuous mode
[  589.543330][ T2937] hsr_slave_0: left promiscuous mode
[  589.569524][ T2937] hsr_slave_1: left promiscuous mode
[  589.581227][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  589.588951][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_0
[  589.613402][ T2937] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  589.624193][ T2937] batman_adv: batadv0: Removing interface: batadv_slave_1
[  589.679747][ T2937] veth1_macvtap: left promiscuous mode
[  589.685547][ T2937] veth0_macvtap: left promiscuous mode
[  589.693185][ T2937] veth1_vlan: left promiscuous mode
[  589.698923][ T2937] veth0_vlan: left promiscuous mode
[  590.068091][   T50] Bluetooth: hci0: command tx timeout
[  590.502486][ T2937] team0 (unregistering): Port device team_slave_1 removed
[  590.594935][ T2937] team0 (unregistering): Port device team_slave_0 removed
[  590.673170][ T8011] netlink: 277 bytes leftover after parsing attributes in process `syz.1.398'.
[  591.089532][ T7959] team0: Port device team_slave_0 added
[  591.129168][ T7967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  591.147489][ T7959] team0: Port device team_slave_1 added
[  591.391059][ T7967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  591.417403][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_0
[  591.424577][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  591.451579][ T7959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  591.622248][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.629731][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  591.656222][ T7959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  592.297218][ T7967] team0: Port device team_slave_0 added
[  592.400592][ T7967] team0: Port device team_slave_1 added
[  592.885388][ T7967] batman_adv: batadv0: Adding interface: batadv_slave_0
[  592.892975][ T7967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  592.919297][ T7967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  592.949310][ T7959] hsr_slave_0: entered promiscuous mode
[  592.962968][ T7959] hsr_slave_1: entered promiscuous mode
[  592.971208][ T7959] debugfs: 'hsr0' already exists in 'hsr'
[  592.977237][ T7959] Cannot create hsr debugfs directory
[  593.106634][ T7967] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.113799][ T7967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.140670][ T7967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  593.267334][ T7902] 8021q: adding VLAN 0 to HW filter on device bond0
[  593.626019][ T7967] hsr_slave_0: entered promiscuous mode
[  593.637211][ T7967] hsr_slave_1: entered promiscuous mode
[  593.646462][ T7967] debugfs: 'hsr0' already exists in 'hsr'
[  593.652413][ T7967] Cannot create hsr debugfs directory
[  593.820613][ T7902] 8021q: adding VLAN 0 to HW filter on device team0
[  594.028583][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.036387][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  594.074951][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  594.083268][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  594.363575][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.371060][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state
[  594.459354][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  594.467750][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  597.752438][ T7959] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  598.643013][ T7959] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  599.679859][ T7959] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  599.880371][ T8042] loop1: detected capacity change from 0 to 164
[  599.917303][ T7959] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  599.986519][ T7967] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  600.068150][ T7967] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  600.170123][ T7967] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  600.300800][ T7902] 8021q: adding VLAN 0 to HW filter on device batadv0
[  600.333004][ T7967] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  601.262164][ T8051] syzkaller0: entered promiscuous mode
[  601.268888][ T8051] syzkaller0: entered allmulticast mode
[  602.047045][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.363395][ T7959] 8021q: adding VLAN 0 to HW filter on device team0
[  602.413705][ T7967] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.492463][ T2905] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.500199][ T2905] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.656901][ T2905] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.664472][ T2905] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.770641][ T7967] 8021q: adding VLAN 0 to HW filter on device team0
[  602.939202][ T2905] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.946940][ T2905] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.963891][ T2905] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.971644][ T2905] bridge0: port 2(bridge_slave_1) entered forwarding state
[  603.145224][ T7959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  603.156131][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  603.379312][ T7967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  603.671136][ T8066] loop1: detected capacity change from 0 to 1024
[  604.413454][ T8066] hfsplus: keylen 65060 too large
[  604.419325][ T8066] hfsplus: xattr search failed
[  604.827734][ T7902] veth0_vlan: entered promiscuous mode
[  604.999997][ T7902] veth1_vlan: entered promiscuous mode
[  605.370904][ T7902] veth0_macvtap: entered promiscuous mode
[  605.477374][ T7902] veth1_macvtap: entered promiscuous mode
[  605.649587][ T7902] batman_adv: batadv0: Interface activated: batadv_slave_0
[  605.727703][ T7902] batman_adv: batadv0: Interface activated: batadv_slave_1
[  605.916910][ T2905] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  606.040010][ T2905] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  606.695838][ T4003] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  606.921712][ T4003] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  607.006903][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0
[  608.646797][ T7967] 8021q: adding VLAN 0 to HW filter on device batadv0
[  608.876116][ T8095] loop0: detected capacity change from 0 to 512
[  608.921352][ T8095] EXT4-fs (loop0): Cannot use DAX on a filesystem that may contain inline data
[  612.494916][ T7967] veth0_vlan: entered promiscuous mode
[  612.626084][ T7959] veth0_vlan: entered promiscuous mode
[  612.643307][ T7967] veth1_vlan: entered promiscuous mode
[  612.746192][ T7959] veth1_vlan: entered promiscuous mode
[  613.128843][ T7967] veth0_macvtap: entered promiscuous mode
[  613.242571][ T7967] veth1_macvtap: entered promiscuous mode
[  613.297935][ T7959] veth0_macvtap: entered promiscuous mode
[  613.353883][ T7959] veth1_macvtap: entered promiscuous mode
[  613.591300][ T7967] batman_adv: batadv0: Interface activated: batadv_slave_0
[  613.707805][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_0
[  613.732693][ T7967] batman_adv: batadv0: Interface activated: batadv_slave_1
[  613.851885][ T4052] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  613.890294][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_1
[  613.920588][   T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  613.921182][ T8140] loop1: detected capacity change from 0 to 2048
[  613.997197][   T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.048291][   T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  614.132684][   T12] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.244897][   T12] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.334614][ T2937] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.426317][ T2937] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  614.508931][ T8140] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  614.523114][ T8140] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  615.687740][ T7748] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  618.206240][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.214602][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  618.606245][ T3796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.614654][ T3796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.278385][ T8202] loop7: detected capacity change from 0 to 1024
[  620.331288][ T8202] EXT4-fs: Ignoring removed orlov option
[  620.340504][ T8202] EXT4-fs: Ignoring removed nomblk_io_submit option
[  620.482829][ T8202] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  620.965798][ T7902] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  622.650902][ T8230] loop7: detected capacity change from 0 to 1024
[  622.954389][ T8230] =====================================================
[  622.961624][ T8230] BUG: KMSAN: uninit-value in hfsplus_lookup+0x674/0xf70
[  622.969917][ T8230]  hfsplus_lookup+0x674/0xf70
[  622.975061][ T8230]  lookup_one_qstr_excl+0x23c/0x7a0
[  622.980473][ T8230]  do_renameat2+0x8ea/0x1a50
[  622.985630][ T8230]  __x64_sys_rename+0xd7/0x140
[  622.990638][ T8230]  x64_sys_call+0x269/0x3e20
[  622.995665][ T8230]  do_syscall_64+0xd9/0x210
[  623.004151][ T8230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.012337][ T8230] 
[  623.014942][ T8230] Uninit was created at:
[  623.019472][ T8230]  __alloc_frozen_pages_noprof+0x689/0xf00
[  623.025681][ T8230]  alloc_pages_mpol+0x328/0x860
[  623.030750][ T8230]  alloc_frozen_pages_noprof+0xf7/0x200
[  623.040321][ T8230]  allocate_slab+0x24d/0x1220
[  623.046674][ T8230]  ___slab_alloc+0x1024/0x34e0
[  623.051645][ T8230]  kmem_cache_alloc_lru_noprof+0x922/0xed0
[  623.059472][ T8230]  hfsplus_alloc_inode+0x5a/0xd0
[  623.064813][ T8230]  alloc_inode+0x8a/0x4a0
[  623.069362][ T8230]  iget_locked+0x239/0x12d0
[  623.074271][ T8230]  hfsplus_iget+0x5c/0xb80
[  623.078875][ T8230]  hfsplus_btree_open+0x128/0x1cf0
[  623.084447][ T8230]  hfsplus_fill_super+0x1161/0x2730
[  623.089836][ T8230]  get_tree_bdev_flags+0x6e3/0x920
[  623.095430][ T8230]  get_tree_bdev+0x38/0x50
[  623.100060][ T8230]  hfsplus_get_tree+0x35/0x40
[  623.108734][ T8230]  vfs_get_tree+0xb0/0x5c0
[  623.114901][ T8230]  do_new_mount+0x733/0x1420
[  623.119848][ T8230]  path_mount+0x6db/0x1e90
[  623.124712][ T8230]  __se_sys_mount+0x6eb/0x7d0
[  623.129615][ T8230]  __x64_sys_mount+0xe4/0x150
[  623.134716][ T8230]  x64_sys_call+0x3604/0x3e20
[  623.139658][ T8230]  do_syscall_64+0xd9/0x210
[  623.144573][ T8230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.150665][ T8230] 
[  623.153381][ T8230] CPU: 1 UID: 0 PID: 8230 Comm: syz.7.426 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  623.167309][ T8230] Tainted: [W]=WARN
[  623.171245][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  623.181713][ T8230] =====================================================
[  623.189016][ T8230] Disabling lock debugging due to kernel taint
[  623.195497][ T8230] Kernel panic - not syncing: kmsan.panic set ...
[  623.202085][ T8230] CPU: 1 UID: 0 PID: 8230 Comm: syz.7.426 Tainted: G    B   W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  623.215802][ T8230] Tainted: [B]=BAD_PAGE, [W]=WARN
[  623.220962][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  623.231180][ T8230] Call Trace:
[  623.234583][ T8230]  <TASK>
[  623.237645][ T8230]  __dump_stack+0x26/0x30
[  623.242210][ T8230]  dump_stack_lvl+0x53/0x270
[  623.247054][ T8230]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  623.253117][ T8230]  dump_stack+0x1e/0x25
[  623.257497][ T8230]  vpanic+0x361/0xc50
[  623.261718][ T8230]  panic+0x15d/0x160
[  623.266239][ T8230]  kmsan_report+0x31c/0x320
[  623.270968][ T8230]  ? __msan_warning+0x1b/0x30
[  623.275847][ T8230]  ? hfsplus_lookup+0x674/0xf70
[  623.280919][ T8230]  ? lookup_one_qstr_excl+0x23c/0x7a0
[  623.286477][ T8230]  ? do_renameat2+0x8ea/0x1a50
[  623.291472][ T8230]  ? __x64_sys_rename+0xd7/0x140
[  623.296655][ T8230]  ? x64_sys_call+0x269/0x3e20
[  623.301724][ T8230]  ? do_syscall_64+0xd9/0x210
[  623.306641][ T8230]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.312941][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.318274][ T8230]  ? kmsan_internal_memmove_metadata+0x91/0x230
[  623.324824][ T8230]  ? __msan_memcpy+0x108/0x1c0
[  623.329814][ T8230]  ? hfsplus_bnode_read+0x6f8/0x990
[  623.335268][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.340611][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.345949][ T8230]  __msan_warning+0x1b/0x30
[  623.350645][ T8230]  hfsplus_lookup+0x674/0xf70
[  623.355608][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.361082][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.366429][ T8230]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  623.372985][ T8230]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  623.379344][ T8230]  ? _raw_spin_unlock+0x30/0x50
[  623.384383][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.389678][ T8230]  ? __pfx_hfsplus_lookup+0x10/0x10
[  623.395178][ T8230]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  623.401182][ T8230]  ? __pfx_hfsplus_lookup+0x10/0x10
[  623.406568][ T8230]  lookup_one_qstr_excl+0x23c/0x7a0
[  623.411937][ T8230]  ? kmsan_get_metadata+0xfb/0x160
[  623.417251][ T8230]  do_renameat2+0x8ea/0x1a50
[  623.422050][ T8230]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  623.428136][ T8230]  __x64_sys_rename+0xd7/0x140
[  623.433108][ T8230]  x64_sys_call+0x269/0x3e20
[  623.437916][ T8230]  do_syscall_64+0xd9/0x210
[  623.442609][ T8230]  ? irqentry_exit+0x16/0x60
[  623.447380][ T8230]  ? clear_bhb_loop+0x40/0x90
[  623.452263][ T8230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.458328][ T8230] RIP: 0033:0x7f6d3d58ebe9
[  623.462875][ T8230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.482657][ T8230] RSP: 002b:00007f6d3e484038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  623.491259][ T8230] RAX: ffffffffffffffda RBX: 00007f6d3d7b5fa0 RCX: 00007f6d3d58ebe9
[  623.499373][ T8230] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000000
[  623.507480][ T8230] RBP: 00007f6d3d611e19 R08: 0000000000000000 R09: 0000000000000000
[  623.515577][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  623.523678][ T8230] R13: 00007f6d3d7b6038 R14: 00007f6d3d7b5fa0 R15: 00007ffe9b2de208
[  623.531829][ T8230]  </TASK>
[  623.535311][ T8230] Kernel Offset: disabled
[  623.539707][ T8230] Rebooting in 86400 seconds..